Anonymous transaction authentication

ABSTRACT

An automated system for the confirmed efficient authentication of an anonymous subscriber&#39;s profile data. The system is comprised of software/hardware interface to facilitate centralized access and exchange to easily and inexpensively allow the confirmed authentication of subscriber profiles of customers wishing to blind their transactions, while maintaining current services. In one aspect the system allows a subscriber to anonymously accomplish credit card transactions without associating any aspect of the transaction with any information associated with the true identity of the subscriber.

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] The present application is a continuation of Tsuei et al. U.S.patent application Ser. No. 10/248,345 filed Jan. 10, 2003, pending,which is: (1) a continuation-in-part of Peter Barton U.S. patentapplication Ser. No. 09/326,298 filed Jun. 4, 1999, pending, which is acontinuation of Peter Barton U.S. patent application Ser. No. 09/294,270filed Apr. 19, 1999, abandoned; (2) a continuation-in-part of PeterBarton U.S. patent application Ser. No. 10/259,190 filed Sep. 27, 2002,abandoned, which is a continuation of Peter Barton U.S. patentapplication Ser. No. 09/474,110 filed Dec. 29, 1999, abandoned, whichclaims priority to Peter Barton U.S. provisional patent applicationserial No. 60/165,546 filed Nov. 15, 1999, abandoned; (3) acontinuation-in-part of Peter Barton U.S. patent application Ser. No.09/474,378 filed Dec. 29, 1999, abandoned, which claims priority toPeter Barton U.S. provisional patent application Ser. No. 60/165,547filed Nov. 15, 1999, abandoned; (4) a continuation-in-part of PeterBarton U.S. patent application Ser. No. 09/471,744 filed Dec. 23, 1999,abandoned; (5) a continuation-in-part of Peter Barton U.S. patentapplication Ser. No. 10/284,056 filed Oct. 30, 2002, abandoned, which isa continuation of Peter Barton U.S. patent application Ser. No.09/614,302 filed Jul. 12, 2000, abandoned, which is acontinuation-in-part of Peter Barton U.S. patent application Ser. No.09/471,744 filed Dec. 23, 1999, abandoned; and (6) acontinuation-in-part of Henry Tsuei et al. U.S. patent application Ser.No. 10/331,142 filed Dec. 27, 2002, abandoned, which is a continuationof Henry Tsuei et al. U.S. patent application Ser. No. 09/476,175 filedDec. 30, 1999, abandoned, which claims priority to Henry Tsuei et al.U.S. provisional patent application Ser. No. 60/164,169 filed Nov. 9,1999, abandoned. Priority is claimed in the present application to eachof these applications, and each is hereby expressly incorporated byreference herein.

BACKGROUND OF INVENTION

[0002] 1. Field of the Invention

[0003] The field of the invention relates to systems and methods forfacilitating, providing, and/or enabling anonymous transactions. Inparticular, the field of the invention relates in particular toanonymous authentication of customer profile information to anauthorized requester, including authentication of customer profileinformation related to children, and to consumer privacy protection whenordering merchandise by mail by not having to reveal consumer personalinformation to the merchant and/or shipper.

[0004] 2. Description of the Related Art

[0005] Consumer privacy is becoming a focus of major public interest,especially as computing capacity increases and data handling and storagebecome easier and less expensive, and information databases areassembled to host a myriad of transactional information. Thisinformation, which may be gathered from a number of sources, is stored,categorized and sold. A prime information target is the retailtransaction.

[0006] For example, for each credit card transaction, an issuer bank'scomputer system can store the merchant's name, the product purchased,and the amount of the transaction. The issuer bank or credit cardcompany can use the collected information to determine the spendinghabits of their credit cardholders and then either use that informationin its own business or make it available to others. In addition to theinformation stored in the issuer bank's computer system, as aconsequence of a credit card transaction, the individual merchantsreceive information from the issuer bank about the credit cardholder.This information can be used to provide targeted marketing directed tothe credit cardholder, or to provide others with information about theconsumer's buying habits.

[0007] Membership cards, club cards and credit cards which link atransaction to an individual's database, reveal the purchase, the timeof day of the purchase and the retail outlet. This information is thentied to a demographic which is sold to the direct marketing industry. Inmany cases these databases actually invade a person's privacy and arealmost transparent to the unwitting consumer.

[0008] The consequences associated with the availability of anindividual's spending information range from the merely annoying to theserious. At a minimum, an individual may receive more targeted junk mailthan may be desired. More seriously, the same information that is usedto target the individual for junk mail can also be used to target theindividual for private or governmental harassment. For example, anissuer bank may choose to sell its customer list, with indicia thatidentifies all credit cardholders that have purchased sportingequipment, to retail sporting good companies. These companies may theninundate a credit cardholder with mail or other forms of advertisements.In a more serious situation, the issuer bank may sell its list ofcustomers that have purchased certain goods (for example, furs orsteaks) to activist groups that oppose the purchase of such items. Thesegroups may then use the customer list to expose the credit cardholder toall sorts of harassment and perhaps physical injury.

[0009] One way an individual can avoid this problem is to pay foreverything with bearer notes such as cash, since nothing on a bank noteindicates who its owner is or was. This same property, however, makescash fungible for both the owner and the thief. It is both easy to loseand easy to negotiate. For these reasons, few people desire to carry alarge amount of cash. One way of solving this difficulty is to useelectronic cash, as described in David Chaum, “Security withoutIdentification: Transaction Systems to make Big Brother Obsolete,”Communications of the ACM, vol. 28, no. 10, pp. 1030-144, October, 1985.When electronic cash is used in an automated transaction, a purchasecannot be associated with a customer. The scheme, however, may beinsecure against fraud; see Steven H. Low, et al., “Collusion in aMulti-Communications Protocol for Anonymous Credit Cards” submitted toIEEE/A CM 50, Transactions on Networking. In addition, since theelectronic cash is given to a customer, a means is needed to prevent theindividual from duplicating and spending it over and over again.

[0010] Apart from the opportunity to gather consumer information thatarises from the use of a credit card or the like, consumer informationalso may be gathered when shipping information is provided to a merchantor other third party. It is therefore also desirable to protect theidentify of consumers when ordering merchandise over the telephone orthe Internet, or by any other means, when such merchandise is to beshipped to the residence or business of the consumer. Currently, theconsumer generally has no choice but to give a proper mailing address tothe merchant in order to receive the shipped goods. One solution to thisproblem is to use post office boxes. However, this solution is oftenexpensive, inconvenient and/or requires the use of the consumer's realname.

[0011] Accordingly, a need exists for systems and methods for performingtransactions that have the convenience and safety of card transactions,such as credit card transactions, and the anonymity of cashtransactions. A need further exists for systems and methods forprotecting the identity of consumers' names and addresses when atransactions include shipping or mailing to consumers. On or more ofthese needs are met by one or more embodiments of the present invention.

SUMMARY OF INVENTION

[0012] The present invention comprises systems and methods forprotecting consumer information by providing for, facilitating, and/orenabling anonymous transactions.

[0013] In systems and methods, a service provider or merchantrepresenting an information requester is able to authenticate customerrelated information and/or records which reside in a secure, offlinedatabase without the true identity of a customer being revealed. Inthese systems and methods, the present invention provides an automated,inexpensive system and method for the confirmed request, processing andconfirmed transfer of anonymous customer or subscriber relatedauthentication among service providers and/or information requesters.These systems and methods preferably utilize a software and hardwaresystem to facilitate centralized offline customer identity and businessinformation authentication, while maintaining the anonymity of thecustomer. This advantageously allows a service provider or informationrequester to easily and inexpensively authenticate customer relatedbusiness information without the true identity of the customer beingrevealed to the service provider. Thus, a benefit of these systems andmethods is that the actual transaction is not associated with the trueidentity or demographics of the customer.

[0014] Another benefit of these systems and methods is that a highlyefficient system and method is provided for requesting, processing, andanonymously authenticating customer or subscriber related identificationand business information between the service provider or informationrequester and the secure, central database repository. In one aspect ofthese systems and methods, this comprises an information hub whichincludes an interactive server and a database. For example, in oneembodiment, the database contains a lookup table which blinds thedatabase from the server. Preferably, the coded or addressed anonymouscustomer identification confirmation or authentication system of thepresent invention employs an offline central consumer informationdatabase or repository, in communication with service providers orinformation requesters.

[0015] These systems and methods also provide for the processing andauthentication of requested, specifically identified customer profiles,without identifying the true identity of the customer, and withoutrevealing any business or transaction information to the serviceprovider or information requester. In a preferred embodiment, theauthenticity of the information requester is verified prior toresponding. Thus, one feature of these systems and methods is that thereis a blinding or “bunkering” of any attempt by unauthorized informationrequesters to cross check against a known transaction to match the aliasof the customer or subscriber with the true identity of the customer orsubscriber.

[0016] Another advantage of these systems and methods is that a serviceprovider or information requester having a system authorization code canelectronically request, process and confirm the validity of an anonymouscustomer's information and/or records. This can be done, for example,from a secure data repository by means of a hardware/software system.Preferably, the hardware/software system is comprised of an offlinedatabase and a central server comprising an information processing hub.In this example embodiment, the information processing hub communicateswith each service provider or information requester via a communicationlink.

[0017] A feature of these systems and methods is that a confirmedauthentication of uniquely identified and stored information between anauthorized requester and the database repository is triggered by the useof a unique, assigned alias identifier. For example, the requestedsubscriber or customer records and/or business information are uniquelyidentified by means of an alias identification of the customer, whichcan be alphanumeric, digital, analog or the like. In one embodiment thesystem can authenticate the existence of the customer alias as relatingto the true identity of an individual subscriber.

[0018] In another embodiment, authenticated coded triggers are used torelease a predetermined portion of the data including, for example, thetrue identity of the subscriber, to an information requester havingauthorization for that clearance. In accordance with this embodiment,preferably the information is encrypted. In one aspect, an alphanumericcode is used to identify files within the uniquely addressed customerinformation profiles. In a preferred embodiment, the system of thepresent invention confirms requests for authentication to maintain theintegrity of the system and the anonymity of the subscriber or customer.In another embodiment the authentication is protected by encryption anda digital signature of the information requester or by use of anauthentication code such as a PIN or the like.

[0019] In a preferred embodiment, personal or business records and/orinformation related to a particular subscriber maintained within theoffline database can include at least part of at least one subscriber'sprofile. In one aspect subscriber profiles consist of the subscriber'sphysical address, social security number, credit limits, email address,and the like.

[0020] In accordance with another preferred embodiment, a singlecentralized offline database or repository is provided in communicationwith a central processing server. For example, the central processingserver acts as a “gatekeeper” to maintain the secrecy of the customer'strue identity. In another embodiment, a plurality of servers communicatewith the service providers and in turn with a central server in a multitiered system.

[0021] In another aspect of these systems and methods, a computerimplemented method is disclosed for providing authentication to anauthorized information requester. For example, the information requestermay b provided with authentication of the existence of coded, uniquelyidentified personal business type records and/or information relating toa particular anonymous subscriber or customer. In a preferredembodiment, the records or information are contained in a “blinded”offline database that communicates with each authorized informationrequester by means of a central processing server. The method, forexample, may be accomplished by the subscriber information requesterinitially generating an authorized formatted request for authenticationof the uniquely identified records and/or information related to aparticular anonymous subscriber or customer using an alias that retainsthe anonymity of the subscriber or customer. The method also includestransmitting the request to a confirming central processing server withaccess to an offline database via the communication link. Additionally,the method includes receiving the formatted request, authenticating theauthorization of the information requester and confirming receipt of theformatted request by the central system database. The method alsoincludes processing the request of the subscriber or informationrequester by blinded communication with the database, generating aformatted response in the database authenticating the alias or denyingthe alias, transmitting the response, and formatting a server responseto the service provider or information requester via the communicationlink. In one example embodiment, the formatted response to thesubscriber or information requester can comprise a denial of therequest, an authentication or an authenticated informational compliance.Additionally, the informational compliance can be full or partial. In apreferred embodiment, the requester is logged into the central server.For example, if the information requester is not authorized to addressthe offline database, the identification of the customer or subscriberis blocked and the information requester is denied furthercommunication. In this example, such a formatted response is a denial ofauthentication.

[0022] In accordance with preferred embodiments of these systems andmethods, a medium is provided which contains a unique identificationthat is either anonymous or an alias with respect to the true identityof the subscriber and/or customer. For example, the medium can be in theform of a standard plastic card with a magnetic strip containing theencoded information or alias information, or it can be in the form of asmart card that has an encoded chip. Thus, for example, the medium canbe a credit card issued by, for example, American Express, VISA orMasterCard. Alternatively, in addition to the card, there may be analias I.D., such as a picture I.D., that authenticates the anonymouscode for the user. In an example embodiment, a personal identificationnumber (“PIN”) can be used such that the user of the medium would berequired to enter a PIN on a keypad or the like, to authenticate theanonymous code. A benefit in these examples is that the user of themedium remains totally anonymous to the service provider or requester.Also in these embodiments, the service provider authenticates thetransaction by means of an electronic connection such as telephone wiresor the Internet to one or more centrally based processing servers incommunication with the offline database as previously described.

[0023] In accordance with other systems and methods of the presentinvention, a credit or debit card that makes limited purchasing poweravailable to children is provided (herein referred to as a “Kid Card”).Preferably, the transactions performed with the Kid Card are anonymous.A child that purchases an item over the Internet, for example, can usethe Kid Card to pay for the item. When real time approval is sought bythe entity processing the transaction, rather than using true identitydata to authenticate the transaction, an alias set of information isused. This alias set of information is compared to an offline securedatabase that compares the alias information to the true identity dataand authenticates the transaction. In this example, the true identity ofthe purchaser is thus never compromised and therefore never available tothe processing company for inclusion on a demographic list or the like.In features of these systems and methods, the products available forpurchase with the Kid Card are subject to parental control and childrenare guided by a hosting entity through an Internet shopping experienceby presentation of selected Web pages.

[0024] Other systems and methods of the present invention arespecifically directed to protecting the identity of a credit cardholder,whereby the cardholder can enter into credit card transactions incomplete anonymity. Since the cardholder's identity is protected, thecardholder has the freedom to purchase any goods or services withoutworrying about receiving unwanted mailings or being personally harassed.Briefly described, these systems and methods allow the establishment oftwo credit cards with a line of credit that is split across twoaccounts, i.e., a primary account and an alias account. The primaryaccount is a conventional credit card account constructed in a creditcard processing system using the factual information provided by anapplicant for a credit card. The primary account is the account used forreporting and investigating the applicant's credit worthiness andestablishing credit. The alias account is constructed using securityinformation submitted by the credit card applicant, and information froman associated primary account. The alias account is constructed in asecure database and is identified with an alias name and address. Thesecure database is preferably maintained in a secure facility or vaultoperated by an independent third party, for example a privacy foundationthat is not beholden to credit card companies or to merchants. The vaultmaintains the identity of the alias account holders; the identities arenot disclosed to others except under certain limited conditions. Onceprimary account is constructed in the credit card processing system, theprimary account information is then transferred to the vault. The vaultmatches the transferred primary account information with the associatedsecurity information submitted by the applicant. As a result of matchingthe primary account and security information, an alias account isconstructed in the vault. The vault then transfers the alias accountinformation to the credit card processing system, and the credit cardprocessing system creates a corresponding alias account. The credit cardassociated with the primary account is used and processed like any othercredit card. The credit line for the primary account is established assome portion of the credit line approved during the application process.A remaining portion is assigned to the alias account.

[0025] The credit card associated with the alias account is also usedlike any other credit card, but a number of the credit card processingfunctions are handled in a different manner from other credit cardaccounts. The credit card transactions associated with the alias accountare processed on the credit card processing system with the aliasinformation (i.e., alias name and address). Therefore, the anonymity ofthe cardholder is maintained. When the real identity of the cardholderis required to support a credit card processing function, for exampleissuing the credit cardholder a statement for billing purposes, amailing address is retrieved from the associated alias account in thevault and associated with the statement for the alias account. Forexample, the alias account statement is transferred to the secureddatabase or facility to have the real identity of the cardholderdetermined before the statement is mailed.

[0026] In yet further systems and methods of the present invention ameans is provided for consumers to order merchandise via telephone, theInternet, or any other means, to be shipped to their business orresidence, without having to reveal their true address to the shipperand/or merchant. This is accomplished by relabeling the packages withthe true address of the consumer sometime after the packages are shippedby the merchant. This is preferably, but not necessarily, accomplishedin conjunction with anyone of the anonymous transaction systems andmethods set forth above using one of at least two techniques. The firsttechnique involves shipping the packages to a temporary location wherethe true address is relabeled on behalf of the consumer usinginformation from the offline database. The second technique involveshaving the shipping company relabel the packages while in transit bycommunicating through a secure network connection to the offlinedatabase. In response to a valid authorization request, the offlinedatabase returns the true address to the shipper. Preferably, thisprocess is automated and is implemented using wireless technology whilethe package is in transit.

[0027] Finally, other systems and methods of the present inventioninclude a private facility for mailings of packages and items, whereinthese packages and items are shipped to a temporary location where thetrue address is relabeled on behalf of the consumer. In these systemsand methods, The relabeling is preferably, but not necessarily,accomplished in conjunction with anyone of the anonymous transactionsystems and methods set forth above using one of at least two techniquesusing information from the offline database. Preferably the privatefacility administers the database, registers the customers, and assignsthe mail codes to the registered customers before this anonymous mailingand relabeling service is started. Alternatively, the shipping companypreregisters with the private facility that administers the database andreceives access to a secure network connection with the offlinedatabase. The shipping company in possession of a package labeled with amailing code sends a valid authorization request, including the mailingcode, to the offline database through the secure network connection. Theprivate facility verifies the authorization request and returns the trueaddress of the customer to the shipping company, thus enabling theshipping company to deliver the package directly to the customer.Preferably, this process is automated and is implemented using wirelesstechnology while the package is in transit.

[0028] In a related aspect of these systems and methods, the presentinvention provides a means for a person or entity to receive mail orparcels from a sender (e.g., a merchant) anonymously. For example, thecontact with the sender can be via telephone, the Internet, or any othermeans. The sending may, but need not be, in connection with a commercialtransaction (e.g., a sale or purchase) or involve the shipping ofordered goods as described above. Thus, the item can be shipped to theirbusiness or residence, without having to reveal their true address tothe shipper and/or merchant. The mail or parcel is shipped to a mailingcode and relabeled with the true address of the consumer sometime aftershipment by the sender. In cases where the item is sent as part of acommercial transaction, this is preferably accomplished in combinationwith the anonymous transaction systems and methods set forth above.

[0029] In embodiments of the systems and methods involving anonymous ordisguised mailing or shipping, the mailing code assigned can includelimited non identifying information. For example, the code may beformatted similarly to a zip code, in that the code or a portion of thecode corresponds to a geographic area or political subdivision. Thus,for example, the code may correspond to a postal zip code area or groupof zip code areas, a city, a county, a state, or other suitable area.Also, the readdressing may be physical or electronic, or a combinationof the two. Thus, for example, the readdressing may be by affixing orotherwise physically associating, a legible address with or withoutname, by affixing or otherwise physically associating a machine readableform of the address, e.g., a bar coded or magnetic strip address, byaffixing or otherwise physically associating a translatable, machinereadable address (e.g., that is translated within a special or generalpurpose computer), by affixing or otherwise physically associating anaccess identifier enabling electronic access to sufficient identifyinginformation (preferably on screen or other display) for delivery to thecustomer or other intended recipient, or by using the mailing code toallow (preferably with additional authorization code) remote electronicaccess to specific delivery information, preferably during the course ofa delivery run. For example, delivery information may be displayed on acomputer in a delivery truck or on a handheld computer. Remote accessmay be by any suitable means, e.g., by telephone (preferably mobiletelephone) and/or via satellite communications link, which may involveinternet transmission.

[0030] These and other features, and advantages of the present inventionmay be more clearly understood and appreciated from a review of thefollowing detailed description and by reference to the appended drawingsand claims.

BRIEF DESCRIPTION OF DRAWINGS

[0031]FIG. 1 is an example of a schematic view of an information flowmodel that can be used in accordance with one embodiment of the presentinvention.

[0032]FIG. 2 is an example of a schematic view of an information flowmodel that can be used with one embodiment of the present inventionhaving a central processing server and an offline database.

[0033]FIG. 3 is a block diagram illustrating an exemplary account setupin the alias account system of the present invention.

[0034]FIG. 4 is a block diagram illustrating a typical credit cardtransaction using the credit cards of the present invention.

[0035]FIG. 5 is a block diagram illustrating an upgrade of an existingaccount to an alias and primary account, in accordance with the presentinvention.

[0036]FIG. 6 is a general block diagram illustrating an embodiment ofthe alias account management process of the present invention.

[0037]FIG. 7 is a timing diagram illustrating an example of an issuer'scredit exposure when a credit limit increase is processed using theaccount management process of FIG. 6.

[0038]FIG. 8 is a block diagram illustrating a process for performingnon mon updates, such as name and address changes, in the alias accountsystem of the present invention.

[0039]FIG. 9 is a block diagram illustrating the account closing processin the alias account system of the present invention.

[0040]FIG. 10 is a block diagram illustrating an overview of thestatement printing process of an embodiment of the present invention.

[0041]FIG. 11 is a general block diagram illustrating an embodiment ofthe alias statement process.

[0042]FIG. 12 is a block diagram illustrating the databases employed inthe vault and their associated relationships.

[0043]FIG. 13 is a table setting forth fields contained in a MatchingDatabase in a preferred embodiment of the present invention.

[0044]FIG. 14 is a table setting forth fields contained in a TemporaryDatabase in a preferred embodiment of the present invention.

[0045]FIG. 15 is a table setting forth fields contained in an AccountBlock Database in a preferred embodiment of the present invention.

[0046]FIG. 16 is a table setting forth fields contained in an IssuerDatabase in a preferred embodiment of the present invention.

[0047]FIG. 17 is a table setting forth fields contained in a MailRedirection Database in a preferred embodiment of the present invention.

[0048]FIG. 18 is a flow diagram illustrating an overview of the host andvault process flow in an embodiment of the present invention.

[0049]FIG. 19 is a flow diagram illustrating the account acquisitionprocess of an embodiment of the present invention.

[0050]FIG. 20 is a flow diagram illustrating the account maintenanceprocess in an embodiment of the present invention.

[0051]FIG. 21 is a flow diagram illustrating the collections process inan embodiment of the present invention.

[0052]FIG. 22 is a flow diagram illustrating the mail redirectionprocess in an embodiment of the present invention.

[0053]FIG. 23 is a schematic diagram that depicts one embodiment of thedisguised mailing feature in accordance with one embodiment of thepresent invention.

[0054]FIG. 24 is a flowchart depicting methods that can be used toimplement the disguised mailing feature in accordance with an embodimentof the present invention.

[0055]FIG. 25 is a flowchart depicting methods that can be used toimplement the disguised mailing feature in accordance with an embodimentof the present invention.

[0056]FIG. 26 illustrates information flow during package delivery usingthe private anonymous mailing service of the present invention.

[0057]FIG. 27 is a flowchart of the customer registration process usedin the private anonymous mailing service of the present invention.

[0058]FIG. 28 is a flowchart of the merchandise shipment process inaccordance with the private anonymous mailing service of the presentinvention.

DETAILED DESCRIPTION

[0059] I. Preferred Systems and Methods for Authentication in AnonymousTransactions

[0060] After reading the following description, it will become apparentto one of ordinary skill in the art how to implement the invention inalternative embodiments and alternative applications. Moreover, otherexamples for blinding interaction and transaction will readily come tomind, once the inventive aspect of the instant invention is understood.Although the instant system can be used to blind customer profiles froma service provider for a number of applications, credit cardtransactions will be used as a specific example for ease ofunderstanding. As such, this detailed description of a preferred andalternative embodiments should not be construed to limit the scope orbreadth of the present invention, which be used, for example, withtelephone cards, frequent flyer club cards, grocery store cards and thelike.

[0061] Definitions

[0062] For purposes of this Section 1, a “Subscriber” is an entity whosubscribes to a transaction based service and whose data is in theoffline database.

[0063] A “Service Provider or Information Requester” is an entity withwhich the particular Subscriber is consummating a transaction. ServiceProviders could be, for example, local retailers, banks, travel agenciesand the like.

[0064] “Subscriber ID” is an alias system identifier that can be used asan alias or a code to uniquely identify a particular Subscriber andcorresponding records.

[0065] “Subscriber Profile” or “Service Profile” means customer relatedbusiness information and/or records such as a particular Subscriber'sfinancial information, or address.

[0066] “Subscriber Related Business Information Request” is a requestfrom a Service Provider for authentication of all or part of aparticular Subscriber Profile or Service Profile. The Profile preferablycontains readable system code allowing the system to verify that therequester is part of the system.

[0067] A “Subscriber Related Business Information Request Response” is aresponse to a Subscriber Related Business Information Request. Forexample, the Response could be a listing of all or part of a particularService Profile, an authentication of a Subscriber's identity, or adenial of such information. In a preferred embodiment, the Response isencrypted. A Subscriber Related Business Information Request Responsecan also include a “Transaction Authorization” or “Confirmation Request”such as used in the credit card industry.

[0068] Briefly described, and in accordance with a preferred embodimentin operation, an information hub housing a central server receives arequest for authentication from a service provider or informationrequester. In this example embodiment, the central server verifies thatthe service provider or information requester is authorized to obtainauthentication for the transaction or the requested information from thedatabase. Upon verification of the validity of the request, the centralserver queries the database for authentication of the anonymouscustomer. The database contains, for example, a lookup table that linksthe anonymous identification of the medium card holder, for example, acredit card holder, to the true identity of the card holder. In thisexample embodiment, the lookup table functions a barrier between thesystem traffic and the stored identity information. Continuing with theexample, if the information requested matches the search in the lookuptable, a verification response is generated by the central server toauthenticate the transaction.

[0069] Turning now to FIG. 1, there is shown a schematic of a preferredembodiment of the alias method and system 20 of the instant invention.This preferred embodiment comprises a number of Service Providers orInformation Requesters 21, each communicating with a systemserver/database 22 by means of a preexisting communication link 23, suchas the public telephone system. A Subscriber Profile data and/orauthentication is relayed to a requesting Service Provider 21 throughthe system server/database 22, in computer accessible code, via thecommunications link 23. The information flow is virtually instantaneous,and the response information puts the necessary information in the handsof the Service Provider or Information Requester 21. This information ispreferably delivered in a usable form, expediting the transaction. Thesystem server/database 22, for example, represents a centralizedinformation hub having a preexisting communication link 23 for thepurposes of receiving, authenticating and transmitting information toService Providers 21. In an alternative embodiment, the centralinformation hub comprises more than one physical element. For example, amulti tiered server system (not shown) may be practical in someapplications. Furthermore, a public communications system is notnecessary to link the system server database 22 to the Service Providers21. The communications link 23 may alternatively be a private leasedline, a local area network, cable TV network, or the Internet. In thispreferred embodiment, the system server/database 22 comprises a serverand an offline database as more fully described below in relation toFIG. 2.

[0070] Turning to FIG. 2, there is shown an example of a preferredinformation flow of the alias method and system 20. In FIG. 2, thetransfer of a Subscriber's authentication or Subscriber Profileinformation between the Service Provider or Information Requester andthe offline centralized database is shown. Preferably, the system serveris accessible to all Service Providers 21. For example, the ServiceProviders 21 can access the System Server 22 by merely addressing thealias customer information profile by means of the Service Provider'sidentification through the communication link.

[0071] As further shown in FIG. 2, the system 20 comprises an authorizedService Provider 24, a System Server 26, an offline database 28, and aninterconnecting communications link 30. The communications link 30connects the Service Provider 24 and database 28 with the server 26.Preferably, all communication takes place over communications link 30.The process boxes or units in FIG. 2 represent execution steps forcreating, transferring and confirming information between ServiceProvider 24, server 26, and offline database 28, all of which isdescribed now in greater detail.

[0072]FIG. 2 Data Flow: Generation of Request for SubscriberAuthentication or Information

[0073] First, Service Provider or Information Requester 24, by means ofunit process 33, generates a Subscriber Related Business InformationRequest 32. The request is generated in a specified format and includesan informational header. This header includes, for example, theSubscriber's alias, PIN or other anonymous inquiry keys and information.Additionally, the header may include address information and a formattedmessage portion comprised of, for example, the date, time, and amount ofthe transaction. The data used to generate the Subscriber RelatedBusiness Information Request 32 can be provided in more than one way. Afirst example of a method for creating the Subscriber Related BusinessInformation Request 32 is by using an application Graphical UserInterface, preferably written in Java. In one embodiment, the GraphicalUser Interface provides the user with input fields for all elements ofthe Subscriber Related Business Information Request 32, including inputfields for the Service Provider 24. Additionally, the Graphical UserInterface can perform input validations, convert the input data into abinary stream using Java serialization, and store the document. Forexample, the document can be stored in binary object form in the ServiceProvider or Information Requester's 24 relational database AA secondexample of a method for creating the Subscriber Related BusinessInformation Request 32 is through the use of the Client IntegrationSubsystem. In a preferred embodiment, the Client Integration Subsystemis a configurable set of services and infrastructure. These services canbe written, for example, in the C++ and Java programming languages,which allow an organization to “plug in” their existing systems toautomatically generate a Subscriber Related Business Information Request32 in accordance with the present invention. This, for example, is thecoded information in a credit card transaction that authorizes amerchant's request and identifies the return path I In either exampleembodiment, the resulting document is stored in the Service Provider orInformation Requester's 24 relational database coupled with additionaldocument information. Such information could include date and timestamps, document state information, creating user identification, andthe like. Furthermore, this information could be linked to a particularSubscriber Related Business Information Request 32 and simultaneouslystored along with the Subscriber Related Business Information Request32. Preferably, the date and time stamps are used to determine whetherthe request is sent and received within the industry allotted timeperiod. This, for example, would prevent hacking through the use ofdifferent requester locations attempting to obtain client SubscriberRelated Business Information in the offline database 28. Additionally,the user identification information is preferably used by the SystemServer 26 and the offline database 28 to help verify the validity of theSubscriber Related Business Information Request 32. This can be done,for example, by determining that the Subscriber Related BusinessInformation Request 32 was sent by an authorized Service Provider orinformation Requester 24 I In this example, when the Subscriber RelatedBusiness Information Request 32 is completed by entering the necessarydata, it is marked as ready to be sent. Conversely, if the SubscriberRelated Business Information Request 32 is not completed, for example,due to missing data, it is marked for review and stored until theSubscriber Related Business Information Request 32 data is entered intothe Subscriber Related Business Information Request 32. Preferably, thisprevents overriding the system by not having a complete request. This isimportant, for example, when service information provider or informationrequesters 24 are given security codes allowing access to differinginformation and/or levels of information.

[0074]FIG. 2 Data Flow: Send Subscriber Business Information Requestfrom Service Provider or Information Requester to the System Server

[0075] In a preferred embodiment, once created, the Subscriber RelatedBusiness Information Request 32 is prepared to be sent to the SystemServer 26 by means of unit process 34 via communications link 30. Anexample of the aspects of unit process 34 include application of thedigital signature, data encryption, alias and attaching the routinginformation. For example, the Subscriber Related Business InformationRequest 32 carrying the alias identifier is encrypted by an encryptingservice. In one example embodiment, the encrypting service utilizesPretty Good Privacy encryption with the System Server's 26 public key.In one embodiment, an online service can be used or alternatively, thesoftware can be downloaded from www.MIT.edu for inclusion in process 34.Continuing the example, the document is digitally signed using theService Provider's 24 private key. Preferably, this private key has beenpreviously configured by the system administrator. The SubscriberRelated Business Information Request 32 is sent to the server 26 usingcommunication link 30. Various systems can be used to connect theService Provider or Information Requester 24 to the System Server 26.For example, the message can be sent either via X400 protocol or using avirtual private network protocol. Preferably, the choice is based on theconfiguration implemented by the generating entity's systemadministrator, based on system requirements for response times and costof implementation. Preferably, the data is sent over an existingcommunication system such as the Internet or a Virtual Private Network.A lookup of the System Server 26 destination address in the ServiceProvider or Information Requester's 24 database is performed.Preferably, the process 34 appends the appropriate routing informationfor the transmission type used by the generating entity system. A fullyqualified Internet address is an example of appropriate routinginformation.

[0076]FIG. 2 Data Flow: Receipt of Subscriber Related BusinessInformation Request by System Server

[0077] The Subscriber Related Business Information Request 32 isreceived by Server 26 from Service Provider or Information Requester 24.This is accomplished by means of unit process 36 via communications link30. In one embodiment, the system is activated by data being received.Preferably, unit process 36 includes steps for receiving the message,authenticating the signature on the message and responding to the senderif the signature is valid. For example, upon receipt of a SubscriberRelated Business Information Request 32, the server 26 first logs thereceipt and then authenticates the digital signature. Within process 36an interim file representation of the document is created, afterextracting the document from the transport mechanism and stripping offheader information. The file is then stored in a system defined, filesystem directory. Subsequently, the document digital signature isverified using the Pretty Good Privacy signature authentication servicebased on the sender's public key, which is retrieved via the previouslyconfigured information in the Pretty Good Privacy security database.Continuing the example, if the signature is authentic, the SubscriberRelated Business Information Request 32 is decrypted using the PrettyGood Privacy decryption software and stored. Preferably, a verificationof receipt message 38 (shown in dotted lines) is sent back to ServiceProvider or Information Requester 24 via the communication link 30. In apreferred embodiment, the Service Provider or Information Requester 24verifies the sender as the System Server 26. In an example embodiment,the validity of the Subscriber Related Business Information Request 32is based on several criteria. Preferably, if the Subscriber RelatedBusiness Information Request 32 is not authentic, the Request 32 is nothonored. For example, in one embodiment, the invalid Request 32 is firstreturned to the Service Provider or Information Requester 24 via theCommunications Link 30. Then, a message is sent noting the receipt of aninvalid Subscriber Related Business Information Request 32. Furthermore,receipt of the invalid Subscriber Related Business Information Request32 is logged by the System Server 26. Preferably, the address of theinvalid Service Provider or Information Requester 24 thereafter isblocked from the system 20 and the information pertaining to theunauthorized Service Provider or Requester 24 is maintained in thesystem 20 for future reference.

[0078]FIG. 2 Data Flow: Processing of the Subscriber BusinessInformation Request for Subscriber by System Server

[0079] Valid Subscriber Related Business Information Requests 32,received by the System Server 26, are processed in accordance with unitprocess 41. For example, the processing includes decrypting the messageand preparing the message for forwarding to the offline database 28.Preferably, a message header is appended to the message and a documenttimer is activated to track the time until the System Server 26 receivesa request response from the offline database 28. To process theSubscriber Related Business Information Request 32 in accordance withunit process 41, the System Server 26 preferably records receipt of theSubscriber Related Business Information Request 32 into the SystemServer's 26 relational database. In this same embodiment, the SubscriberRelated Business Information Request 32 is marked as received by theSystem Server 26. Furthermore, the Server 26 can also be configured toexecute certain user defined operations which are triggered during thisprocessing depending upon the nature of the Subscriber Related BusinessInformation Request 32 as further described below. For example, if therequest is a credit card transaction, certain information may beforwarded to the issuing bank after database manipulation as furtherdescribed below. In one embodiment, the document file is read in by theServer's 26 document handler, decrypted, and the document is then storedin the Server 26. For example, a document handler rules engine is usedto process the document in accordance with unit process 41. Based on auser defined rules set, preferably stored in an ASCII text file, a rulesagenda is created based on the contents of the document. In thisexample, the rules engine matches patterns in the rules conditions withthe document and executes actions associated with the conditions.Examples of actions include updating database tables,modifying/transforming the document header information, and addingadditional/alternative document routing instructions. Preferably, atimer is activated by storing a new record with Subscriber RelatedBusiness Information Request 32 information in the timer table.

[0080]FIG. 2 Data Flow: Send the Subscriber Business Request forSubscriber Profile from the System Server to the Database

[0081] Subscriber Related Business Information Requests 32, thusprocessed, are forwarded to offline database 28 by means of unit process43 via communication link 30. An example embodiment of unit process 43includes the steps of encrypting the message, digitally signing themessage, and sending the message to the offline database 28. Preferably,the functions required to prepare a document for forwarding are based onthe type of Service Provider 24 from which the Subscriber RelatedBusiness information Request 32 is received. Offline database 28 hasauthority and access to the data required to respond to the SubscriberRelated Business Information Requests 32, i.e., create a SubscriberRelated Business Information Request Response.

[0082]FIG. 2 Data Flow: Receipt of the Subscriber Business InformationRequest for Subscriber Information from System Server by OfflineDatabase

[0083] The offline database 28 receives, logs, and authenticates theSubscriber Related Business Information Request 32. For example, in unitprocess 44, the offline database 28 receives the message, the signatureon the message is authenticated and a response is sent to the SystemServer 26 if the signature is valid. In this manner only the Server 26can access the offline database 28. Specifically, unit process 44creates an interim file representation of the document after extractingthe document from the transport mechanism and stripping off headerinformation. Here, the priority code is interpreted so that theappropriate information from the lookup table can be retrieved.Continuing the example, the Subscriber Related Business informationRequest 32 is stored and the appropriate customer related information iscoupled with the document header. Preferably, the file is stored in asystem defined file system directory. Subsequently, the digitalsignature is verified using the Pretty Good Privacy signatureauthentication service based on the sender's public key, which isretrieved via previously configured information in the Pretty GoodPrivacy security database. If the signature is authentic, the documentis decrypted using the Pretty Good Privacy decryption software based onthe Server's 26 private key data. Once the document is decrypted, theheader information is separated from the Subscriber Related BusinessInformation Request 32 and the Subscriber Related Business InformationRequest document 32 is stored. A message 38 (shown in phantom)acknowledging the receipt of the Subscriber Related Business InformationRequest 32 is then sent by the offline database 28 to the Server 26 viacommunications link 30. Preferably, Erroneous Subscriber RelatedBusiness Information Request 32 receipts are logged and the Server 26 isnotified via message 38. In this manner only requests from Server 26 areaccepted for processing.

[0084]FIG. 2 Data Flow: Processing of the Subscriber BusinessInformation Request for Subscriber Information and Generation ofResponse by Offline Database

[0085] Once the Subscriber Related Business Information Request 32 isprocessed as set out above in unit process 44 by offline database 28, itis processed in accordance with unit process 46. An example of themethod steps within unit process 46 includes: the Subscriber RelatedBusiness Information Request 32 is decrypted, the document is storedinto the offline database 28 and the Subscriber Related BusinessInformation Request Response 47 is created. For example, the offlinedatabase 28 formats the data into a document message and the offlinedatabase 28 appends reader information such as routing and document typeto the message. Additionally, the subscriber Related BusinessInformation Request 32 is stored in the offline database 28. When theSubscriber Related Business information Request 32 has been processed,the Offline Database 28 responds. For example, the Offline Database 28sends a Subscriber Related Business Information Request Response 47 backto the Service Provider or Information Requester 24 through the SystemServer 26 via communications link 30. Preferably, the Subscriber RelatedBusiness Information Request Response 47 is generated in accordance withunit process 46. In one example, the Subscriber Related BusinessInformation Request Response 47 is prepared using an applicationGraphical User Interface preferably written in Java. The Graphical UserInterface preferably provides the user with input fields for allelements of the Subscriber Related Business Information Request Response47, including input fields for the Service Provider or InformationRequester 24. Preferably, the Graphical User Interface performs inputvalidations, converts the input data into a binary stream using Javaserialization, and stores the document in binary object forth into theoffline database's 28 relational database. The document is stored intothe offline database's 28 relational database. The document may bestored with additional document information such as date and timestamps, document state information, creating user identification and thelike which are linked to a particular Subscriber Related BusinessInformation Request Response 47. Preferably, the document stateinformation is used by the system to determine whether the SubscriberRelated Business Information Request Response 47 is ready to betransferred to the System Server 26. Additionally, the useridentification information is used by the System Server 26 to helpverify the validity of the Subscriber Related Business InformationRequest Response 47 by determining that the Subscriber Related BusinessInformation Request Response 47 was sent by offline database 28 or anentity having access to the subscriber information and authority todisseminate authentication or information. When the Subscriber RelatedBusiness Information Request Response 47 is completed by entering thenecessary data, it is marked as ready to be sent. Conversely, if theSubscriber Related Business Information Request Response 47 is notcompleted due to missing data, it is marked for review and stored untilthe Subscriber Related Business Information Request Response 47 data isentered into the Subscriber Related Business Information RequestResponse 47. If appropriate, a message is sent to the Server 26requesting additional information be placed in the database 28 to fillthe request.

[0086]FIG. 2 Data Flow: Send the Response to the Request for SubscriberInformation to System Server from Offline Database

[0087] After Subscriber Related Business Information Requests Response47, has been processed, it is forwarded to System Server 26 by means ofunit process 48 via communication link 30. For example, within unitprocess 48, Subscriber Related Business Information Requests Response 47is encrypted, digitally signed, and sent to the Server 26. Afterprocessing, the Subscriber Related Business Information Request Response47 is preferably stored in the relational database coupled withadditional information such as date and time stamps, and useridentification.

[0088]FIG. 2 Data Flow: Receipt of the Response to the SubscriberInformation Request by System Server from Offline Database

[0089] After the Subscriber Related Business Information RequestResponse 47 is received by the System Server 26, it is handled inaccordance with unit process 50. Within unit process 50, the SystemServer 26 receives the Subscriber Related Business Information RequestsResponse 47, the signature on the Subscriber Related BusinessInformation Requests Response 47 is authenticated, and a response 38 issent to the offline database 28 if the signature is valid. Preferably,the Subscriber Related Business Information Request Response 47 isacknowledged by message 38 to the offline database 28 via link 30 andits receipt is logged. The Subscriber Related Business InformationRequest Response 47 then is processed by Server 26. An example of thisprocessing includes authentication of the Subscriber Related BusinessInformation Request Response 47 and validation of the intended ServiceProvider 24 address. Additionally, the receipt event is logged.Preferably, the document is decrypted as above described and checkedagainst existing Subscriber Related Business Information Request 32 fora match. For example, Subscriber Related Business Information RequestResponse 47 match errors and destination errors are logged andnotifications sent back to the offline database 28. Furthermore, therespective unit process 50 creates an interim file representation of thedocument after extracting the document from the transport mechanism andstripping off header information. In this same example, the file isstored in a system defined file system directory, which preferably is apersistent storage mechanism.

[0090]FIG. 2 Data Flow: Processing the Response to the SubscriberInformation Request by System Server

[0091] After the Subscriber Related Business Information RequestResponse 47 response is received by Server 26, it is processed as shownby unit process 52. Such processing, for example, includes storing thedocument, logging its receipt and managing the timers associated withthe original request. For example, within unit process 52, an ID ismatched against the initial request sent, the message is stored into theSystem Server 26 database, the document timer is deactivated, theSubscriber Related Business Information Requests Response 47 is preparedfor forwarding to the requesting Service Provider 24 and a messageheader for sending Subscriber Related Business Information RequestsResponse 47 to the requesting Service Provider 24 is appended.Preferably, the Subscriber Related Business Information Request Response47 receipt is logged and the document state is set to “complete.” Such asetting indicates that the Subscriber Related Business InformationRequest Response 47 is ready, for example, to be encrypted, signed, andforwarded to the Service Provider or Information Requester 24, asrepresented by unit process 54. In the preferred embodiment, thedocument file is read in by the Server's 26 document handler process andthe document is then stored in the Server 26. The Document Handler RulesEngine is then activated to process the document. For example, a rulesagenda is created based on the contents of the document. The rulesengine matches patterns in the rules conditions with the document andexecutes actions associated with the conditions. The rules match theSubscriber Related Business Information Request Response 47 by documentidentifier information with the Subscriber Related Business InformationRequest 32. Preferably, the system timer that was created when thedocument was originally received by the server 24 is deleted from theserver timer table. Subsequently, in this example, the destination forthe Subscriber Related Business Information Request Response 47 isvalidated and any erroneous Subscriber Related Business InformationRequest Responses 47 are logged. Preferably, the Document Handlerprocess modifies the Subscriber Related Business Information RequestResponse 47 header information for document transmission status andstores the information to the database.

[0092]FIG. 2 Data Flow: Send Response to Subscriber Information Requestfrom System Server to Service Provider

[0093] The Subscriber Related Business Information Requests Response 47is sent to the Service Provider 24 using the communication link 30 inaccordance with unit process 54. For example, within unit process 54,the Subscriber Related Business Information Requests Response 47 isencrypted, digitally signed, and then sent to the Service Provider 24.Additionally, the system appends the appropriate routing information forthe transmission type used by the Service Provider 24. Furthermore,acknowledgment of receipt is received via 38 and logged. Preferably,match and destination error notifications are received and logged,corrections are made and the response resent if necessary.

[0094]FIG. 2 Data Flow: Receipt of the Response to the SubscriberInformation Request by Service Provider

[0095] Upon receipt of the Subscriber Related Business InformationRequest Response 47, the Service Provider or Information Requester 24authenticates the System Server 26 as the sender and logs the receipt ofthe Subscriber Related Business Information Request Response 47 inaccordance with unit process 56. For example, within unit process 56,Subscriber Related Business Information Request Response 47 is received,the digital signature is authenticated, and a response 38 is sent to theSystem Server 26 if the signature is valid. Additionally, the SubscriberRelated Business Information Request Response 47 is matched against theSubscriber Related Business Information Request 32. Preferably, theSubscriber Related Business Information Request Response 47 is processedin a manner similar to unit process 52 in accordance with unit process58.

[0096]FIG. 2 Data Flow: Service Provider Processing of the Response tothe Subscriber Information Request

[0097] The Service Provider or Information Requester 24 processes theSubscriber Related Business Information Request Response 47 in unitprocess 58. For example, within unit process 58 Subscriber RelatedBusiness Information Request Response 47 is decrypted and matched to theSubscriber Related Business Information Requests 32 stored in therequesting Service Provider's 24 database. Furthermore, the documentstatus is set to complete or rejected depending on the response datasent in the Subscriber Related Business Information Requests Response 47by the offline database 28. Preferably, the completion of this step isthe termination of the process. In a preferred embodiment, a log entryis made into the system server database recording information about thedocument reception process. For example, the document state is set tocomplete by the document processor of Server 26 by updating the documentheader in the database. Preferably, a trigger is fired to perform asystem defined service upon document completion. Triggers, for example,can perform actions such as sending a user defined message to a socket,storing data in another database, performing communications and thelike. In this manner transaction data can preferably be sent to, forexample, an issuing ban k.

[0098]FIG. 2 Architecture of Systems Server and Offline Database

[0099] In the embodiment of FIG. 2, the systems server and offlinedatabase architecture preferably consists of six subsystems: processcontrol subsystem, communication subsystem, document processingsubsystem, security subsystem, user interface subsystem, and a datahandling and storage subsystem. The process control subsystem preferablyincludes a system that invokes and controls the other custom andcommercial software that make up the system server. This subsystem, forexample, is able to automatically restart erroneously terminatedprocesses and logs such terminations for later analysis. Preferably,users are able to configure the process control subsystem to takeadditional actions when a process terminates.

[0100] The communication subsystem preferably comprises of an X400 agentand/or virtual private network communication agent. Preferably, thissubsystem uses either agent to send documents out of the system serverto external recipients, and relies on a fully qualified Internet addressfor routing. For example, the communication subsystem's messagereceiving functions include determining how to route a message to itsrecipient, and accepting and transferring mail from and to intermediateagents. Additionally, address interpretation and transformation into acompatible format is handled by the communication subsystem. Thecommunication subsystem also implements special actions indicated by themessage header such as verifying delivery. For example, when messagedelivery cannot be done, the communication subsystem queues messages, orreroutes documents with erroneous addresses, as required. To sendmessages to a recipient, the communication subsystem determines therecipient's preexisting public communication system host, then initiatesa transfer protocol session with the host. Preferably, an unsuccessfullytransferred message is queued for later delivery. In an embodiment wherethe System Server 26 functions as a routing hub for the system, thecommunication subsystem receives and processes all incoming documenttransfer protocol sessions from client systems. For example, outbounddocuments are packaged and sent to the communication agent forprocessing. Additionally, the communication subsystem automaticallyprocesses received messages by first authenticating, then decrypting,and then sending the message to the document processing subsystem. Inone embodiment, the communication subsystem places a time stamp on eachmessage that when compared with the message status indicates when amessage has not been successfully delivered. Unsuccessfully sentmessages are preferably resent a predetermined number of times accordingto preset communications subsystem parameters.

[0101] The document processing subsystem preferably processes allmessages received into the System Server 26. For example, this subsystemcan be responsible for message parsing, message storage, SubscriberRelated Business Information Request processing, Subscriber RelatedBusiness Information Request Response processing, message routing andmessage timers. Preferably, messages are processed in the order in whichthey are received and deleted after successful processing. In apreferred embodiment, a message is logged into the activity log uponreception and then parsed. For example, the message parser divides themessage into two parts: header and message data. Message typeinformation contained in the header determines which type of action thesystem server should take with the message data. After parsing, themessage data is stored. Preferably, the message data is stored accordingto message type and the message header is logged. For example, aSubscriber Related Business Information Request is stored in aSubscriber Related Business Information Request table; and a SubscriberRelated Business Information Request Response is stored in a SubscriberRelated Business Information Request Response table. In an alternativeembodiment, table entries are crossed referenced, and transmissionverification messages and the status of the corresponding message arelogged. In an example embodiment, after the message is stored, theSubscriber Related Business Information Request 32 is processed. Forexample, the first step in processing a Subscriber Related BusinessInformation Request 32 is to log the event. Then the name of the serviceprovider 24 is extracted and the service provider's address is obtainedfrom a lookup table. The Subscriber Related Business Information Request32 is then sent to the offline database 28. Preferably, the SubscriberRelated Business Information Request 32 is marked as sent when a returnreceipt is received. In preferred embodiments, Subscriber RelatedBusiness Information Requests 32 can be in any of four states based onresponses from the offline database 28: pending, sending, inactive, orcompleted. In a preferred embodiment, after the Subscriber RelatedBusiness Information Request 47 is processed and sent to the serviceprovider, the Subscriber Related Business Information Request Response47 is processed after it is received from the service provider. Forexample, when a Subscriber Related Business information Request Response47 is received by the document processing subsystem, the correspondingSubscriber Related Business Information Request identification number islocated and the Subscriber Related Business Information Request statusis checked. The Subscriber Related Business Information Request Response47 is marked as invalid if the Subscriber Related Business InformationRequest 47 is not pending. Preferably, document status is updated whenthe Subscriber Related Business Information Request Response 47 isprocessed, forwarded to the requesting Service Provider or InformationRequester 24 and stored into the system. In a preferred embodiment, amessage's time in the document processing system is tracked by a timer.In one example, default events are set to occur at preset times.Preferably, such default events include setting a message's status to acertain value if no response has been received or to send the messageagain if no return receipt is received.

[0102] The security subsystem primarily preferably secures four areas:system data and file access, the relational database, the systemadministrative user interfaces and data and messages. For example,system data and file access to the offline database 28 is protected by auser identification string that allows access to only the owner.Preferably, access to the relational database is controlled through adata owner's user identification string and password, and no accessprivileges are granted to any other user. Additionally in this example,the system administration user interfaces and data are protected byanother set of user identification numbers and passwords. Preferably,users cannot gain access to the system administration user interfacesand data through other databases. In one embodiment, messages aresecured by encryption and a digital signature. For example, commercialsecurity software does the encrypting and decrypting, messageauthentication, and digital signature verification. Softwarespecifically designed to secure document transmissions using Public KeyCryptography is preferred. In alternative embodiments, Public Keys canbe manually transferred between system/client administrators via emailor disk/tape. Preferably, key transfers are authenticated by verifyingthe digital signature of the sent document. Furthermore, all messagespreferably receive a digital signature based on the private key of thesending system. For example, upon receipt, the digital signature of amessage is automatically verified. Messages that fail digital signatureverification are not processed, but rather are stored and the failurenoted in the automated activity log. Preferably, the sender is notnotified when a message fails verification. This, for example, preventsattacks from hostile systems.

[0103] The user interface subsystem preferably allows a systemadministrator to add or delete service providers, add or update messagerouting information and monitor system activity. Preferably, theinterface is accessed through Java software applets which can beexecuted within a web browser, such as Netscape Navigator or as a standalone application. With regard to the data handling and storagesubsystem, the offline database system data preferably is stored in acommercial relational database. For example, the offline database systemuses a database access and storage facility implemented using embeddedstructured query language in the user application processes and JavaDatabase Connectivity. In an alternative embodiment, the Unix filesystem can be used to store system data.

[0104] With regard to the systems and methods in accordance with FIGS. 1and 2, it will be realized by the skilled artisan that manytransactional applications lend themselves to the anonymity provided bythe instant invention. Accordingly, in one aspect, particular serviceproviders or Information Requesters have security codes and/or prioritycodes which allow them access to some, if not all, of the informationcontained in the offline database. This, for example, would be thesituation with an issuing bank with a particular credit card that hasbeen issued to a Subscriber in the anonymous system and various piecesof information with regard to, for example, financial status of theSubscriber are required in accordance with the Agreement between theSubscriber and the bank. Preferably, this information flow is handled bythe server as set forth above after authentication of the totaltransaction. It will be further realized that alternative embodiments ofthe system in accordance with the instant invention can provide some orall of the information contained in the database to a particular ServiceProvider or Information Requester depending upon the degree ofanonymity, the position of the Service Provider or InformationRequester, and the access codes/alias identifiers of the system. Thus,in accordance with one aspect of the invention, no information isallowed to any Service Provider or Information Requester and in thataspect the system has the capability of providing authentication orauthorization code for a particular transaction completely devoid of anysubscriber information. Further, it will be realized that particularembodiments will allow grocery cards and club cards such as frequentflyer and the like (which are primarily involved in gatheringdemographic information with regard to purchasers) to be “blinded” bythe use of the instant invention. It will also be realized that, forexample, a number or series of aliases or codes such as personalidentification numbers, and the like can be used in association with themedium to reduce risk of unauthorized use of the medium. In accordancewith a preferred embodiment, security codes may be issued to theSubscriber such that one or more of the security codes must be useddepending on the magnitude of the transaction. Further, it will berealized that although plastic cards are an easy medium in which toembed alias identification, alternative embodiments may employ othermediums such as electronic transfer medium, smart cards, chips and thelike. Thus, as long as the medium can maintain and contain at least oneset of alias identifiers that can be recognized by the system, anymedium can be used in accordance with this invention. For example, codeson keypads and even fingerprints would be acceptable identification totrigger the system.

[0105] II. Preferred Systems and Methods for Anonymous Credit CardTransactions

[0106] For purposes of preferred systems and methods specificallydirected to protecting the identity of a credit cardholder, whereby thecardholder can enter into credit card transactions in completeanonymity, the detailed description of preferred embodiments that nowfollows is represented in terms of processes and symbolicrepresentations of operations carried out by a credit card processingsystem. In the corresponding drawings, in which like numerals representlike elements throughout the several figures, features of these systemsand methods are described in further detail.

[0107] Alias Account

[0108]FIG. 3 illustrates an exemplary account setup in an alias accountpayment transaction system 100. The alias α-count system 100 comprises athree part credit card application 102, an issuer application processor112, a primary credit card 40 and an alias credit card 42, an aliasapplication processor 116, a host processing system 118, a part 3applicant record 105, a vault system 114, and a vault receiving elementor gateway 126. The vault system 114 includes a server 122, a vaultprocess application 124, and a matching database 120.

[0109] The three part credit card application 102 comprises a part 1credit card application 104 for setting up the primary account, a part 2security application or stub 106 for setting up the alias account, and apart 3 applicant's record 105 that is retained by the applicant. Thecard applicant's real identity and factual information used to establishcredit are provided on the part 1 credit card application 104. The cardapplicant's alias identity, for example, an alias name and aliasaddress, are provided on the part 2 security stub 106. The onlyinformation in common between the part 1 credit card application 104 andthe part 2 security stub 106 is a document tracking number (DTN) 108 and110. In the preferred embodiment the DTN is the same multi digit numberon both part 1 and part 2. Alternatively, a multi part encryptionmethodology (e.g. public key/private key) can be employed to provide twodifferent DTNs on the parts 104, 106 that when combined according to anencryption/decryption algorithm establish a unique number forassociating the primary account and the alias account under appropriatepredetermined circumstances.

[0110] Generally, the alias account system 100 functions in thefollowing manner. The part 1 credit card application 104 of credit cardapplication 102 is transmitted to the issuer application processor 112for processing. If the part 1 credit card application is approved, theprimary credit card 40 is issued and a primary account is booked on hostprocessing system (HPS) 118. The primary account is a credit cardaccount that functions like any other credit card account.

[0111] The part 2 security stub 106 is transmitted to the aliasapplication processor 116, independently of the part 1 credit cardapplication. At the alias application processor 116, the part 2 security.stub 106 is processed and the resulting information is transmitted tovault receiving 126. Vault receiving 126 transfers the informationreceived from alias application processor 116 to the vault 114.

[0112] In accordance with a preferred aspect of the invention, the vault114 is preferably a secure facility operated by an independent thirdparty that is not beholden or obligated to credit card companies ormerchants, for example a privacy foundation, where the identity of analias account holder is maintained and not disclosed to others exceptunder certain limited conditions. The vault may charge a fee for usingits facilities, and may contract with credit card companies to provideits vault services, as described herein.

[0113] Although the preferred embodiment involves use of an independentsecure facility as the vault, it will be appreciated that some degree ofcardholder privacy can be realized by maintaining the alias accountfeatures described herein with a secure database within the dataprocessing facilities of an issuer or other party. According to thisalternative aspect of the invention, secure data may be provided by asecured computer system within an issuer's facility or by a separatesecure database with an issuer's computer system for supporting thealias accounts. Cardholder privacy is effected in this alternativeapproach by password protecting the secure data, by restricting theaccess of customer service representatives to the secure data, and/or byproviding separate personnel to handle the issuer's alias accountdatabase.

[0114] In vault 114, a vault process application 124 on server 122receives information from vault receiving 126 and from the primaryaccount booked on HPS 118. This information is input to a matchingdatabase 120 and is used to book an alias account in vault 114. Thealias account information is then transferred to HPS 118 to set up acorresponding alias account and issue an alias credit card 42. The aliasaccount booked on HPS 118 is identified with an alias name and address.

[0115] In the alias account system 100, the key points in protecting theanonymity of the account holder are the facts that the part 1 creditapplication 104 goes to a different location than the part 2 securitystub 106, and that the only information in common between the two partsof credit card application 102 are the DTNs 108 and 110.

[0116] In FIG. 3, a new account is set up using the three part creditapplication 102; information required from credit card applicants isprovided on appropriate paper or computer based form. The part 1 creditcard application 104 of application 102 is a standard creditapplication, while the separable part 2 security stub 106 is used tosetup the alias account. A part 3 applicant's record 105 is alsoprovided as an applicant's copy of the three part credit cardapplication 102.

[0117] The part 1 credit card application 104 captures the normalinformation the issuer requires to make its credit decision and setupthe primary account. The part I credit card application also provides adocument tracking number (DTN) 108 for creating an association with asecond DTN 110 on the part 2 security stub 106. The DTN 108 is stored ina master file 130 when the application is processed so that it can bepassed to the vault 114 after the account is booked.

[0118] The issuer processes the part I credit card application 104 asany other application. Credit bureau reports are requested and theaccount is scored to determine credit eligibility and establish anamount of available credit. If the part 1 credit card application 104 isnot approved, the normal letters are sent as with any other creditapplication. If the application is approved, the primary account isbooked on the host processing system (HPS) 118 and a primary credit card40 is issued to the applicant. Under association regulations the addressof the booked account is reported to the Issuers Clearing House (ICS)and the credit bureaus.

[0119] There are at least two methods of booking the approved primaryaccounts on the host processing system. If the credit card issuer usesHPS 118 to process the credit card application, the account is bookedautomatically on HPS 118. However, if a credit card issuer chooses touse an outside vendor to process the application, HPS 118 will receivean account tape and the accounts are booked as part of the nightlycycle. The nightly cycle also produces a daily report file. This reportfile shows all accounts that were booked on the system during that day.From this report file, the new primary accounts are captured andtransferred to vault 114. HPS 118 may capture the primary accounts, forexample, using a flag in the master file that denotes a primary accountor using a portfolio segregation method, where the primary accounts areidentified by the system and principal number (sys/prin number) in amethod that will be familiar to those skilled in the art.

[0120] Unlike the part I credit card application 104, the part 2security stub 106 is transmitted to the alias application processor 116.A data entry operator using alias application processor 116 captures thesecurity information contained on the part 2 security stub 106. Thesecurity information, for example, may include the document trackingnumber (DTN) 110, a password 107, other security information, etc. Thealias application processor 116 captures the security information andtransfers it to vault receiving 126. Vault receiving 126 does not haveto be physically located in the vault 114. It is simply a location wherethe security information is received and transferred to vault 114.

[0121] In vault 114, the security information from the part 2 securitystub 106 is used to assign the password 107 to the alias account. Thepassword 107 is used for identification (ID) verification on the aliasaccount. The password 107 may be placed in the mother's maiden namefield of the alias account. The part 2 security stub 106 contains asecond DTN 110 that is associated with the DTN 108 on the part 1 creditapplication 104. Since the part 1 credit card application 104 and thepart 2 security stub 106 have an associated document tracking number(DTN) 108 and 110, the DTNs are used to construct a relationship betweenthe primary account and the alias account. Because they are used forthis purpose, the document tracking numbers are preferably unique to anissuer.

[0122] In addition to providing the password 107 to the alias account,the security information is also input to vault process application 124on server 122. The vault process application 124 constructs a matchingdatabase 120 using two data sources. The first source is the securitystub 106. The security stub 106 contains the password 107 and the DTN110. The second source is HPS 118. HPS 118 transfers certain primaryaccount information to the vault 114 for purposes of maintaining thealias account.

[0123] As new security information is transferred from vault receiving126 to the vault 114, vault process application 124 receives thesecurity information and updates the matching database 120. If, when thesecurity information is received and processed and it is determined thatthe DTN 110 is already in the matching database 120, the vault processapplication 124 determines if the alias account information has alreadybeen posted by vault 114. If it has not, then, HPS 118 received the part1 credit card application 104 before the security information arrived atvault 114. In this case, HPS 118 has already approved and booked theassociated primary account and transferred its information to vault 114.To proceed with alias account establishment in this case, an aliasaccount record is created and added to a new account file and is sent toHPS 118 for posting. This process creates the alias account on HPS 118.

[0124] If, when the security stub 106 is received and processed and itis determined that DTN 110 is already in matching database 120, thevault process application 124 determines that the alias accountinformation is already posted and reports an error, because the securitystub information is a duplicate record.

[0125] If, when the security stub 106 is received and processed and itis determined that DTN 110 is not already in the database, the primaryaccount information has not been transmitted from HPS 118 to vault 114.In this case, the security stub information is maintained on file untilit can be matched with a new primary account or for a predeterminedholding time. For example, after 6 months the record may be removed fromthe file.

[0126] In the above process, the vault process application 124 is takinginformation from the daily cycle in HPS 118 and using it to create aninput file for the next day's cycle. This means that, if an account isapproved before a day's cycle ends, the new account is built in HPS 118and the information for the vault 114 is extracted from the filescreated that night, during the processing of the daily report file. Theextracted information is transmitted to vault 114. This input to thevault is processed and a request for a new alias account file will betransferred back to HPS 118 for the next night's processing of the dailyreport file. As a result of this process, the new alias account isbooked in HPS 118.

[0127] Once an alias account is booked on HPS 118, the alias accountsare not reported to the credit bureaus or the Issuers Clearing House(ICS). The alias account is not reported to the credit bureaus becausethe primary account was already reported. The alias account is notreported to ICS because the address on the account is meaningless.Furthermore, the credit available to the credit cardholder is split orallocated between the primary account and the alias account on apredetermined basis, with the total credit available to the creditcardholder not exceeding the sum of the primary account and the aliasaccount.

[0128] In HPS 118, all alias accounts will be assigned a fictitious nameto populate the fields within the alias account and facilitateidentification and recognition of alias accounts within the HPS system.For example, the account name may be assigned a made up name such as“Pat G. Alias”. The remaining account information for the alias accountis generated in the vault 114. Vault 114 generates a mailing address forthe account that consists of an apartment number that is unique and acity, state and zip code that is special for the account, again tofacilitate identification and recognition of alias accounts within theHPS system. The zip code is used in the mailing process to identify adocument with an alias name and address. The mailing process for aliasaccounts will be discussed later in detail.

[0129] The booked alias accounts are reported on the daily report filein the manner known to those skilled in the art. A file of theseaccounts is created and sent to the vault 114 so that a report can becreated for the issuer and the privacy foundation. The vault 114 willprovide daily reports showing the primary accounts that are booked buthave no matching part 2 security stub 106 and primary accounts that havesuccessfully set up an alias account. The vault will also generate aweekly report to inform the issuer of the number of alias accountsissued and the number of account numbers available for assignment.

[0130] Account Transactions

[0131]FIG. 4 illustrates a typical credit card transaction using thecredit cards of the present invention. Credit card 40 is associated withthe primary account and credit card 42 is associated with the aliasaccount. The primary and alias credit cards 40 and 42 are used like anyother credit card. The cardholder presents either the credit card 40 or42 to a merchant at a point of sale 204 or 206 (which can be in person,on line, via telephone, etc.). The merchant at the point sale submitsthe credit card account number for authorization to an acquirer. Theacquirer is an entity that enters into an agreement with a merchant forauthorization and settlement of its credit card transactions. Theacquirer may be a bank, a credit card company (for example, VISA,AMERICAN EXPRESS, MASTERCARD, etc.), or some other entity.

[0132] In FIG. 4, the Host Processing System (HPS) 118, which may beoperated by an acquirer or by another entity, receives the authorizationrequest from the merchant and provides authorization of the credit cardtransaction. Assuming that the credit card transaction from either theprimary credit card 40 or the alias credit card 42 is approved, thetransaction is treated in a similar fashion to other credit cardtransactions, with the exception of the statement printing process. Thestatement printing process for the alias account is different from theprinting process of the primary account and other credit card accounts.The primary account statement 218 associated with credit card 40 isprinted in print facility 216, using the name and address associatedwith the primary account in HPS 118.

[0133] In contrast to the statement printing process for primaryaccounts, alias accounts are tagged in HPS 118 for purposes ofidentifying alias accounts and distinguishing them from other accounts.The alias accounts are tagged, for example, by setting a flag,identifying special fields, or assigning a system and principal number(sys/prin. number) to the alias accounts. In accordance with the presentinvention, however, the alias accounts are not associated with anyprimary account at the HPS. The tagged records 212 are then transferredto vault 114 for processing. In vault 114, the fictitious name andaddress on the alias account is replaced with the cardholder's real nameand address. The real name and address is retrieved from matchingdatabase 120. The corrected records 214 are transferred to printfacility 216, where an alias account statement 220 is printed. The aliasaccount statement printing process will be discussed in greater detailbelow.

[0134] Account Updates

[0135] Referring now to FIG. 5, an existing cardholder can upgrade ormodify their credit card account to add an alias account. An upgrade orpreapproved application 300 is used to sign up an existing cardholderfor an alias account. The upgrade or preapproved application 300comprises two parts. Part 1 302 is an upgrade credit card applicationand part 2 304 is a security stub. According to this aspect of theinvention, unlike new account setup, the two parts of application 300need not be associated by using the DTN information. Instead, the twoparts of the application may be associated by using the credit cardaccount number 306 on the cardholder's existing credit card 301. Thecredit card account number 306 is affixed to both parts of theapplication. A password 303 selected by the cardholder is provided onthe part 2 security stub for security purposes.

[0136] As illustrated in FIG. 5, the part 1 upgrade credit application302 is transmitted to issuer application processor 112. The issuer orits agent will handle the processing of the part 1 upgrade creditapplication 302. Similarly, the part 2 security stub 304 is transmittedto vault receiving 126 for processing. Vault receiving 126 captures thepassword 303 and the current credit card account number 306 on part 2security stub 304. This information is transferred to the server 122 topopulate the table for matching database 120. The part 2 security stub304 information is stored on server 122 for a predetermined period oftime or until the corresponding account information is received from HPS118 and an alias account is built.

[0137] When the upgrade credit card application 302 is approved, theissuer initiates an account transfer. The existing account istransferred to a primary account and a new upgrade credit card 308 isissued as the card for the alias account. The existing account may betransferred, for example, by flagging the existing account as a primaryaccount in the master file or using a portfolio segregation method andswitching the existing account to a system and principal number(sys/prin. number) assigned to primary accounts. The credit limit on thenew primary account is also set to a value that can be distributedbetween the primary account and the alias account that will be created.The credit limit distribution process will be discussed in detail in theaccount management section.

[0138] HPS 118 captures the account transfers on a report file andchecks the report file for existing accounts that have been identifiedas primary accounts. This report is used to transfer the primaryaccounts to the vault 114. When vault 114 receives the new primaryaccount information and matches the credit card account number 306 onthe part 2 security stub 304 with the credit card account number 306 onthe primary account, it will create a new alias account. All otherprocesses for creating the alias account are the same as those describedin new account setup.

[0139] Credit Limit Changes

[0140] Refer now to FIG. 6 for a discussion of the account managementfunctions. In particular, the following discussion relates to the mannerin which the credit limit assigned to a particular cardholder isincreased (or decreased) and the changed credit limit is allocatedbetween the primary account and the alias account.

[0141] Account management functions generally do not involve monetaryvalues or relate to specific financial transactions, and are oftencalled non monetary or “non mon” transactions. Generally, a non montransaction is a transaction that affects account information, but doesnot affect the monetary information for an account. For example, name,address, and credit limit changes to an account are non mon transaction,and such changes are generally called updates. In the alias accountsystem 100, non mon updates to the primary account are processed on HPS118.

[0142] The primary account controls the credit line on both the primaryand the alias accounts because all credit decisions are based on theprimary account. When HPS 118 establishes a primary account, a creditlimit is set for the primary account. This credit limit is passed to thevault 114 as part of the alias account setup process. When the vault 114creates the alias account it will take the credit limit passed anddivides it based on a percentage allocation or distribution ratioestablished by the issuer. A non mon transaction is created to set theprimary account's credit limit to its proper value. The alias account'scredit limit is set to the remaining amount. In addition, there isinformation stored with the primary account recording the change to thecredit limit, and the fact that the vault 114 issued the change. Thisinformation is important because a customer service representative (CSR)making a change to the credit limit can recognize that there is an aliasaccount associated with the primary account.

[0143] It will be appreciated that the allocation of available creditbetween the primary account and the alias account is within thediscretion of the issuer and, if desired, selection by the cardholder.An issuer may require a predetermined allocation, for example 50%, ofthe available credit between the two, or may allow some discretion onthe part of the cardholder. The issuer may allocate 0% or 100% or anynumber in between of the available credit to the primary account, withthe remainder to the alias account.

[0144] A CSR may retrieve the information stored with the primaryaccount to help determine the combined credit exposure and make thedecision to issue a non mon setting a new credit limit. The vault 114will capture the non mon when it is reported on a daily report file andwill recalculate bout credit limits and issue a non mon for eachaccount. It will be understood that in current systems this process mayrequire a number of cycles to complete so there is additional exposureto the issuer from the time that the non mon is issued until the vault114 issues the non mons for both accounts and they are processed by HPS118. This process applies to both increases and decreases of the creditlimit.

[0145] It is important to note that if the issuer changes thedistribution ratio of the credit limit, vault 114 will not immediatelyrecalculate the credit limit associated the alias accounts on file. Theaccounts will remain at the old ratio until a non mon is issued for theaccount. This is to prevent the possibility of putting accounts overthat were not over the limit before the change. Online changes of thealias account's credit limit is preferably not allowed.

[0146]FIG. 6 is a general block diagram illustrating an embodiment ofthe alias account management process. The alias account managementprocess starts at block 400 with a request from a cardholder for acredit line increase. This is usually made through a phone call to theissuer. The issuer receives the request at block 402 and requests acredit bureau report of the cardholder. Based on the credit bureaureport, at block 402 the issuer rescores the customer's credit anddetermines the customer's eligibility for a credit line increase.

[0147] If the credit increase is approved, the issuer at block 406 willperform an online non mon transaction to HPS 118 to post the change ofthe primary account credit limit. The non mon transaction is logged inan online non mons file 408. The online non mons file 408 is thentransferred to the posting program 410. The nightly posting program 410also receives the current host master file 412. Once both files arereceived, the posting program 410 posts the online non mons in file 408to the current master file 412 and generates a new host master file 414.The posting program 410 also generates a number of report files. Thesereport files are input to a report splitter program 416 that will splitoff a non mon report 418. The non mon report 418 contains the primaryand alias account information associated with the posted transactionsthat do not effect the account's monetary value. The non mon report file418 is used as input to alias split program 422 and to generate a dailyreport 420. The alias split program 422 separates the alias and primaryaccount transactions and generates a non mon report file 424 that onlyincludes the alias account transactions. This non mon report file 424 isthen transferred to vault 114.

[0148] In vault 114, the non mon report 424 is input to the non mongenerator process 426. The non mon generator process 426 retrieves theissuer's percentage allocation or distribution ratio from the matchingdatabase 120 and applies it to the new credit line limit received in nonmon report file 424. In applying the issuer percentage allocation, thenon mon generator process 426 takes the new credit line limit andapportions it based on the percentage assigned to the primary and aliasaccount. To set the apportioned credit limits in HPS 118, the non mongenerator 426 outputs a non mon file 428 to HPS 118. The non mon file428 is input to the posting program 410 in the next day's cycle. Theposting program 410 will post the modified credit limits to the primaryand alias accounts.

[0149]FIG. 7 is an example of an issuer's credit exposure when a creditlimit increase is processed using the account management process of FIG.6. In column 1 502, when the cardholder makes a request for the issuerto increase the primary account credit limit from $10,000 to $15,000,the issuer's total exposure is $10,000 prior to the credit limitincrease. The $10,000 exposure is divided according to the issuer'spercentage allocation, which in this example is 50%. Therefore, theissuer's exposure is $5,000 for the alias account and $5,000 for theprimary account.

[0150] In column 2 504, when the issuer enters the online non mon 506for $15,000 to HPS 118, the change of the primary account credit limitis posted and the issuer's total exposure is increased to $20,000($15,000 for the primary account and $5,000 for the alias account). Incolumn 3 508, during the fast day's batch cycle (cycle 1 510), theissuer's exposure remains at $20,000.

[0151] In column 4 512, after HPS 118 completes the cycle 1 510, thecredit limit increase is transferred to vault 114 for processing. Duringthe processing, the issuer's credit exposure remains at $20,000 ($15,000for the primary account and $5,000 for the alias account). Once theprocessing is complete, in column 5 514, the modified alias and primarycredit limits are transferred back to HPS 118 for input to the secondday's batch cycle (cycle 2 516). At this point, the issuer's creditexposure is $15,000 ($7,500 for the alias account and $7,500 for theprimary account).

[0152] Non Mon Updates

[0153]FIG. 8 illustrates a process for performing non mon updates suchas name and address changes. Daily non mon file 600 contains the recordsof the non mon updates to the primary accounts. The daily non file file600 also includes tables of the sys/prin. number and non mon valuesassociated with a non mon update. The sys/prin. number and non monvalues within the tables are easily modified.

[0154] The daily non mon file 600 is stored and processed outside of theHPS's critical path. HPS 118 uses an extraction program 602 to read thedaily non mon file 600 and create a vault transaction file 604 that islater transferred to vault 114. The extraction program 602 selects therecords that are added to the transaction file 604 using the record'ssys/prin. number and non mon values.

[0155] On a daily basis, vault transaction file 604 is transmitted tovault 114. The vault update process application 606, on the vault'sserver 122, takes the name and address changes from the vaulttransaction file 604 and posts them to the matching database 120. Thisensures that the mailing labels have the correct mailing information.For changes that need to be propagated from the alias account in vault114 to the associated primary account on HPS 118, a non mon update file608 is created and transferred to HPS 118 for the next day's processingcycle.

[0156] An application program on HPS 118 provides a report and input tovault 114 of all changes made to the HPS database and processing counts.The application program selects the report entries in a manner similarto the alias account extraction program 602. This report will provide anaudit trail of all transactions passed to vault 114.

[0157] As a safety precaution, HPS 118 is preferably configured toprevent a customer service representative (CSR) from making onlinechanges to an alias account's name, address, social security number, andhome and work phone number fields. These online changes to the aliasaccount are blocked because those fields provide a means of compromisingthe cardholder's identity. To ensure that a cardholder's identity is notcompromised and a CSR does not accidentally change these fields, themodification of these fields is assigned to vault 114.

[0158] Even though the issuer is prevented from making online name andaddress changes to the alias accounts, the issuer is able to make thesemodifications using tape transactions. However, this procedure shouldpreferably be avoided to ensure that the cardholder's identity is notcompromised.

[0159] It is always possible that the cardholder may want to close thealias or primary account. FIG. 9 illustrates the account closingprocess. In addition to name and address changes, account closings andpersonal identification numbers (PINS) associated with ATM transactionsare also considered non mon changes. The account closing process startsat step 700. At step 700, HPS 118 transfers the non mon collectiontransactions file to the vault processing step 702. The non moncollection transaction file contains the primary and alias accounts thatare going into collections. In step 702, the vault 114 receives the nonmon collection transactions file and proceeds to step 704. At step 704,the vault 114 processes the collection transactions file and combinesthe two accounts. The accounts are combined, because the cardholder ischarged an annual fee for the alias account that is charged on theprimary account, and the issuer is paying for two accounts on HPS 118.The combined account is then transferred, at step 706, to a non aliassys/prin. number on HPS 118. Once the accounts are combined, allactivity on the alias account is visible on HPS 118. In the preferredembodiment, regardless of whether the alias or primary account isclosed, the account closing process remains the same.

[0160] Vault 114 also handles the non mon for setting account PINS. Ifthe issuer wishes to allow ATM use of the alias α-count, the form forselection of a PIN is inserted with a mailing to the cardholder. Themailing process will be described in detail below.

[0161] Account Risk Management

[0162] In the preferred embodiment, HPS 118 uses a standard credit cardauthorization system. However, the issuer must establish a method forauthenticating the cardholder of an alias account. In an embodiment ofthe invention, this is accomplished by using the alias “password” thatwas entered during account setup. The issuer should also have somespecial procedures to handle referrals and hot calls. Since none of theinformation on the alias account is real, a phone number is set in thephone number field that will allow the issuer to communicate with thevault and request contact with the cardholder.

[0163] In reporting a lost or stolen credit card or to confirm fraud, acardholder must make a call to report each account. This allows thecardholder to maintain his or her anonymity. A first call is made toreport the primary account as themselves and a second call is made toreport the alias account with the alias name. For example, the callermay use the name “Pat G. Alias.” If the issuer suspects fraudulent useof the alias account, the issuer must contact vault 114. Vault 114 willin turn contact the alias account holder.

[0164] Once a credit card is confirmed as lost or stolen or fraudulentlyused, HPS 118 handles both accounts in the same manner. The accountstatus flag is changed and an instruction is executed to transferactivity to a new account. HPS 118 also issues a new plastic creditcard. The instruction generated by HPS 118 is captured from a reportfile and used to update the matching database 120 in vault 114. Vault114 monitors the account status flag to generate the appropriateactions. Vault 114 also maintains state images of the accounts tomonitor multi step processes, and determines when a process is complete.Vault 114 provides account reports on completed operations.

[0165] Unlike the procedure described above, when an alias account orprimary account becomes delinquent, the vault will receive notificationto combine the two accounts for reporting and/or collection purposes.The customer account disclosures, provided to the customer on accountsetup to advise of account policies and procedures, inform thecardholders that if the alias or primary account becomes delinquent thealias account will be closed and combined with the primary account. Theprimary account will be transferred to a non alias sys/prin. numberbecause it is no longer an alias account. The resulting new account is,then, placed into collections.

[0166] Customer Communications In order to bill customers for creditcard transactions, the HPS 118 produces on line alias account statementsfrom archives and CD ROM's. All statements produced on line will containthe alias account address information. Statements printed for the aliasaccounts proceed through the HPS statement processing until they areready for printing. Monthly statements for the alias accounts aretreated as if the issuer or some other vendor is going to print them.

[0167]FIG. 10 is an overview of the statement printing process 800,while FIG. 11 illustrates a specific implementation of an aliasstatement process 900. In FIG. 10, a statement formatting process orprogram module 801 at the HPS 118 produces an alias statement print file802 of the alias account statement addresses. The alias statement printfile 802 is transmitted to vault 114 for processing. Vault 114 is notresponsible for mail redirection. However, in accordance with theinvention vault 114 supports mail redirection. It will be recalled thatto support mail redirection, vault 114 maintains the matching database120. In the vault 114, the matching database 120 is queried based on theapartment number of the alias address to located the real name andaddress of the account holder.

[0168] The matching database 120 includes the alias apartment number(key), the real name, and the real address. If the apartment number onthe alias account statement is successfully located in the matchingdatabase 120, the real name and address that will be used for mailingthe statement will be retrieved and used to construct a corrected aliasstatement print file 806. The corrected alias statement 5 print file 806is then transmitted to a print facility 808 outside the vault 114 thatprints the monthly alias account statement 220 with the name and addressprovided by the cardholder to which the alias statement is to be mailed.Print facility 808 is any facility that can receive an electronic printfile and print the monthly alias account statement 220.

[0169] In addition to the above mailing requirements, it is alsonecessary for the vault 114 to replace the alias name and address on thepayment coupon with the real name and address for the alias accountstatement. This will help limit compromising the identity of thecardholder.

[0170] In another embodiment of the invention, the security stub 106(FIG. 1) is provided with an option for an alternate address for mailingthe alias account statements. In this case, HPS 118 flags the aliasaccounts that have an alternate address and transfers them to the aliasstatement print file 802. The alias statement print file 802 is thentransmitted to vault 114 for processing. The vault 114 receives thealias statement print file 802, recognizes the flagged alias accounts,and does not replace the alias address with the real address associatedwith the primary account, but assigns the alternate address receivedwith the security stub information.

[0171] In a further embodiment of the invention, a copy of the matchingdatabase 120 is made available to the print facility 808 or a securedsite on the Internet that makes the database available to maildistributors that need the information for relabeling. For example, amail or parcel distributor working in association with the alias accountsystem described herein may be operative to receive purchases made usingan alias card, relabel the packages containing the purchases with theprimary account address, and reship the packages to the primary accountaddress. As another example, a mail or parcel distributor may effect thesame package relabeling to the alternate address instead of the primaryaccount address.

[0172] In a system utilizing a mail or parcel distributor, items of mailor parcels addressed to the alias address are received by apredetermined mail distributor that has been established for mail andparcel relabeling and reshipping. It will be appreciated that the aliasaddress should preferably contain indicia (e.g. a data key) that enablesthe mail distributor to determine the proper real shipping address foreach received piece of mail or parcel. For example, all mail or parcelsshipped to “Apartment XXXXX, River Street, Des Moines, Iowa”, mightindicate a mail distributor's facility in Des Moines, Iowa. The “XXXXX”can be a special key unique to a particular alias account cardholder.Upon receipt of a piece of mail or parcel with a certain apartmentnumber, the mail or parcel distributor uses the apartment number key tolook up the appropriate relabeling address in the matching database, andprints a new label for reshipping the mail or parcel.

[0173] It will be appreciated that the address displayed in the envelopeof a received piece of mail or on the label of a received parcel must besufficient to signal special processing, as well as locate the correctname and address. The alias address, however, is preferably not a postoffice box, since some merchants will not ship to such an address.

[0174] As a signal to mail distributors that a mailed item requiresspecial processing, the alias address may contain a special zip code.The zip code provides a means for mail distributors to determine thatthe piece of mail needs to be relabeled as part of their normal addressscanning process. The zip code may also identify the facility that isassigned to handle the relabeling process.

[0175] With this embodiment of the present invention, the alias accountholder can direct merchants to ship merchandise purchased with the aliascard to the print facility 808 or the mail or parcel distributor forrelabeling. This provides the alias cardholder with additional privacy.The alias cardholder is able to keep his or her anonymity, since thereis no need to provide the merchant with a mailing address where thecardholder can be reached.

[0176] In HPS 118, other customer communications (letters, alias creditcard, and PIN mailings) are mailed using the master file address that isassociated with the alias account. As described above, vault 114maintains a matching database 120 that is used to create mailing labels.The matching database 120 uses the apartment number of the alias addressor the alias account number as the key to retrieving the real name andaddress. The real information is used to produce a new mailing label toplace over the alias address. However, since this is an expensiveprocess, the issuer may want to tam off most letters to avoid theadditional postage and handling costs.

[0177]FIG. 11 illustrates the preferred embodiment of the aliasstatement process 900. To start the alias statement process, a validtransactions file 901, a current host cardholder file 902, and a productcontrol file 903 are input to a posting program 410 (FIG. 6). Theposting program 410 outputs a new host cardholder master file 904 andtransfers the statement records 905 to a statement formatting program801. In the statement formatting program 801, the alias accountstatements are separated into an alias statement print file 802 andtransferred to vault 114. All other accounts are output to a nightlystatement file 908 that is transmitted to a print facility 808 whichincludes host output services 916 and statement printer 918. At outputservices, the statements are produced on statement printer 918.

[0178] In vault 114, the alias statement print file 802 is input to thestatement name/address overlay process 912. The statement name/addressoverlay process 912 uses the matching database 120 to retrieve the realnames and addresses associated with the alias accounts. Once the realnames and addresses are retrieved, the overlay process 912 replaces thenames and addresses on the alias accounts in the alias statement file802, with the real name and addresses and transfers them to a correctedalias statement print file 806. The corrected alias statement print file806 is then transferred back to HPS 118 as an input to the printfacility 808. At output services 916, the alias statements are producedon statement printer 918.

[0179] Remittance Processing

[0180] Primary account payments are handled in the same manner as anyother credit payment. The primary account may use any options of paymentthe issuer wishes to make available. Unlike the primary account,however, there are some special considerations for handling the aliasaccounts. To handle the alias accounts, the issuer should preferablyselect a remittance processor. The remittance processor shouldpreferably not use automatic payment options with alias accounts. Theautomatic payment options provide a means for the remittance processorto automatically charge a cardholder's checking account for the requiredpayment. However, this requires that the cardholder's checking accountnumber be stored on the HPS master file. Using this information, thealias and primary accounts can be matched and anonymity compromised.

[0181] In processing check payments for the alias account, the paymentcoupon for the alias account will have the cardholder's real name andaddress that will match their personal check. The payment coupon willalso have the alias account number. However, the remittance processordoes not have access to HPS 118, and additional information about thecardholder. Thus, the auto payment option and check payment processingprovide a small risk that the cardholder's identity may be compromisedat the remittance processor.

[0182] Vault Database

[0183]FIG. 12 illustrates the databases 900 employed in the vault 114and their associated relationships. The vault databases comprise amatching database 120 (FIG. 1), a temporary database 1002, an accountblock database 1004, an issuer database 1006, and a mail redirectiondatabase 1008. The matching database 120 contains the alias and primaryaccount information for matching the name and address of the aliasaccount on HPS 118 with the real name and address of the cardholder. Thematching database 120 contains a number of fields for managing the aliasaccount. FIG. 12 lists the fields contained in the matching database120, and Table 1 of FIG. 13 provides a summary of some attributesassociated with each of the listed fields for databases constructed inaccordance with the invention. For example, the first row of Table 1summarizes the field “IsNew.” The columns of row one include thefollowing: column one identifies the field name; column two identifiesthe data type associated with the “IsNew” field; and column three givesa description of the function of the field within the matching database.

[0184] The temporary database 1002 contains the alias and primaryaccount information for creating the alias account in vault 114. FIG. 12lists the fields used to create the alias account, and Table 2 of FIG.14 provides a summary of some attributes associated with each of thelisted fields. For example, the first row of Table 2 summarizes thefield “PrimaryAccountNumber.” The columns of row one include thefollowing: column one identifies the field name; column two identifiesthe data type associated with the “PrimaryAccountNumber” field; andcolumn three gives a description of the function of the field within theTemporary database.

[0185] The account block database 1004 contains the issuer's accountnumber information. This information is used to assign the issuer'saccount numbers to the alias accounts. FIG. 12 lists the fields use todefine the issuer's alias account numbers, and Table 3 of FIG. 15provides a summary of some attributes associated with each of the listedfields. For example, the first row of Table 3 summarizes the field“IssuerCode.” The columns of row one include the following: column oneidentifies the field name; column two identifies the data typeassociated with the “IssuerCode” field; and column three gives adescription of the function of the field within the Issuer database.

[0186] The issuer database 1006 contains the issuer profile within vault114. The issuer profile includes the issuer's system code, the date theissuer become active on the system, and the credit limit informationassociated with the issuer's accounts. FIG. 12 lists the fields use todefine the profile, and Table 4 of FIG. 16 provides a summary of someattributes associated with each of the listed fields. For example, thefirst row of Table 4 summarizes the field named “IssuerCode.” Thecolumns of row one include the following: column one identifies thefield name; column two identifies the data type associated with the“IssuerCode” field; and column three gives a description of the functionof the field within the Issuer database.

[0187] The mail redirection database 1008 contains the alias and primaryaccount for replacing the name and address on the alias account with thecardholder's real name and address. This is the address to which thecardholder's correspondences will be mailed. FIG. 12 lists the fieldsused to retrieve the cardholder's real name and address and Table 5 ofFIG. 17 provides a summary of some attributes associated with each ofthe listed fields. For example, the first row of Table 5 summarizes thefield “AliasBoxNumber.” The columns of row one include the following:column one identifies the field name; column two identifies the datatype associated with the “AliasBoxNumber” field; and column three givesa description of the function of the field within the Mail Redirectiondatabase.

[0188] Alias Account Processing

[0189]FIG. 18 is a flow diagram illustrating an overview of the host andvault process flow 1100. To initiate the primary account setup process,the issuer inputs part I credit card application 104 to the issuerapplication processor 112. After the issuer processes the part 1 creditcard application 104, the issuer transfers the part 1 application datafile 1118 to HPS 118. The part I application data file 1118 provides HPS118 with a document tracking number (DTN) 108 and the necessaryinformation to setup a primary account.

[0190] The part 2 security stub 106 is input to the issuer's aliasapplication processor 116 to set up an alias account. After the part 2security stub 106 is processed, the alias application processor 116transfers the part 2 application data file 1102 to vault receiving 126.The part 2 application data file 1102 is used to assign a password 107and a DTN 110 that matches the DIN 108 on the part 1 credit cardapplication 104. Alias application processor 116 also transfers theissuer account blocks data 1104 and issuer distribution ratio 1106 tovault receiving 126. Vault receiving 126, in turn, transfers the aboveinformation to vault 114 via alias account information 1110, accountblock details 1112, credit line ratio details 1114, and alias accountmodification/termination details file 1116. Vault 114 stores the part 2application data file 1102 in temporary database 1006. Vault 114 usesthe issuer account block data 1104 to assign the alias account number,and the issuer distribution ratio 1106 to split the credit limitassigned to the primary account with the alias account. Vault 114 alsoadds a record to the matching database 120. Matching database 120 storesinformation such as the primary and alias account numbers. Once thealias account information is stored in vault 114, it issues a non montransaction via non mons file 1124 to HPS 118 to requests the part 1application data file 1118. This information is transferred from HPS 118to the vault 114 via the primary account acquisition and updating file1130.

[0191] Once vault 114 receives the primary account information, itqueries the temporary database 1006 for the associated alias account.The temporary database 1006 is queried using the document trackingnumbers (DTN) 108 and 110. The alias account found and the primaryaccount are associated in matching database 1002. Vault 114 alsotransfers a non coon transaction via non mon file 1124 to HPS 118. Thenon mon is transferred with the alias account acquisition and updatingfile 1128 to request the creation of the alias account on HPS 118. As aresult of this process, two accounts exist on HPS 118. The primaryaccount with the cardholder's real name and address and an alias accountwith an alias name and address.

[0192] To maintain the two accounts HPS 118 transfers various files tovault 114. HPS 118 transfers a primary accounts acquisition and updatingfile 1130, a non mons transaction updating file 1132, alias accountupdate file 1134, collections account number file 1136, and an aliasdocument file 1138. The primary accounts acquisition and updating file1130 is used to update primary account information. For example, theprimary account acquisition and updating file 1130 may contain an updatefor the cardholder's name, address, or account credit limit. The nonmons transaction file 1132 contains the non monetary instructions todirect vault 114 to execute various functions. For example, the non monstransaction file may include instructions to flag the alias account forcollections, to update the alias account details, or update the aliasaccount credit line.

[0193] The alias account update file 1134 provides vault 114 withinformation to update the alias account. For example, the alias accountupdate file 1134 may contain the information to change the credit limiton the alias account. The collections account number file 1136 containsthe alias and primary account numbers that are going into collections onHPS 118. The alias document file 1138 transfers documents with an aliasaddress and name to the vault 114 to have the alias name and addressreplaced with the cardholder's real name and address.

[0194] In response to the files and instructions transferred from HPS118, vault 114 manipulates the primary and alias account informationstored in the vault databases. This information is fed back to HPS 118via alias account acquisition and updating file 1128, accountcollections file 1126, non mon transaction file 1124, and redirectedmail file 1122. The alias account acquisition file and updating file1128 provides HPS 118 with the credit limit information for the aliasand primary account. The account collections file 1126 provides HPS 118with the information to combine the primary and alias accounts beforesending them to collections. The non mon transaction file 1124 serves asimilar function as the non mon transaction updating file 1132. Theredirected mail file 1122 provides HPS 118 with documents that have hadthe alias names and addresses replaced with the cardholder's real nameand address.

[0195] If at any time the cardholder decides to modify or terminate thealias account, the card holder may enter a request via the issuerapplication processor 112. The issuer application processor 112transfers alias account termination/modification request 1108 to vaultreceiving 126. Vault receiving 126 transfers the request to the vault114 via alias account modification/termination details file 1116. Invault 114, the request is processed and the appropriate outputs are sentto HPS 118.

[0196] Account Acquisition Process

[0197]FIG. 19 illustrates the account acquisition process 1200. Accountacquisition begins at data entry step 1202. The issuer applicationprocessor 112 and alias application processor 116 execute data entrystep 1202. Once issuer application processor 112 completes data entrystep 1202, the part 1 application data file 1118 is transmitted to thehost processing system (HPS) 118. HPS 118 at decision block 1204determines whether an account already exists. If an account alreadyexists, the process proceeds to step 1212, where HPS 118 puts the DTN inthe master file and flags it as a primary account. Once the existingaccount has been converted to a primary account, the credit line of theexisting account is altered at step 1214. Then, the process proceedsfrom step 1214 to step 1208. At step 1208, the primary account is dumpedinto a file. From step 1208, the file is transferred to step 1210. Atstep 1210, the file, identified as the primary account acquisition andupdating file, is transferred to vault 114 for processing.

[0198] If at decision block 1204 HPS 118 determines that an account doesnot exist, the process proceeds to step 1206. At step 1206, a newaccount is created in HPS 118. The new primary account is createdfollowing the normal process flow of HPS 118. From step 1206, theprimary account is transferred to step 1208. At step 1208, the primaryaccount is dumped into a file. Next, the process proceeds from step 1208to step 1210, where the file, identified as the primary accountacquisition and updating file, is transferred to vault 114 forprocessing.

[0199] Once alias application processor 116 completes data entry 1202,the part 2 application data file 1102 is transmitted to vault receiving126. Vault receiving 126 receives the part 2 application data file 1102and at step 1216 generates an alias account number. From step 1216, theprocess proceeds to step 1218, where vault receiving 126 also uses thepart 2 application data file 1102 to generate an alias file 1220. Thealias file is transferred from step 1218 to step 1220. At step 1220, thealias file is transferred to vault 114 for processing.

[0200] Next, at step 1222, vault 114 receives the data from the aliasfile and puts it in a temporary database 1002. From step 1222, theprocess proceeds to decision block 1226. At decision block 1226, vault114 determines if part 1 of the application if available. If part 1 ofthe application is not available, the proceeds to step 1230. At step1230, vault 114 transmits a non mon to request the part I applicationdetails. If part 1 of the application is available, the process proceedsto decision block 1228. At decision block 1228, vault 114 determineswhether part 2 of the application is available. If decision block 1228determines that part 2 is not available, vault 114 remains at step 1228until part 2 of the application becomes available. However, if atdecision block 1228 vault 114 determines that part 2 of the applicationis available, the process proceeds to step 1234. At step 1234, the vault114 will match the DTN on the alias account with the primary accountnumber, stored in two files, and add relevant entries to the matchingdatabase 120 (FIG. 1) and mail redirection database 1008 (FIG. 12).

[0201] Once the vault 114 has matched the primary and alias account atstep 1234, the process proceeds to step 1240. At step 1240, vault 114generates an alias account file. Next, the alias account file istransferred from step 1240 to step 1242. At step 1242, the alias accountfile, identified as the alias account acquisition and updating file, istransferred to step 1244. At step 1214, the alias account acquisitionand updating file is input to the next day's cycle on HPS 118.

[0202] Account Maintenance Process

[0203]FIG. 20 illustrates the account maintenance process 1300. Accountmaintenance process 1300 is used to change and maintain the primary andalias account information. To initiate a change of name, address orcredit line on an account, a request is made at step 1302 andtransferred to the host processing system (HPS) 118. The request is thentransferred to step 1304. At step 1304, HPS 118 will update, in thenormal process flow, the associated account information in the hostarea. From step 1304, the process proceeds to step 1306. At step 1306,HPS 118 will select, in its nightly cycle, the accounts associated withthe alias account system. Once those accounts are selected, the processproceeds to step 1308. At step 1308, the changes are put into a file.From step 1308, the file is transferred to step 1310. At step 1310, thefile, identified as the account update file, is transferred to vault114.

[0204] At decision block 1312, vault 114 determines if any alias accountupdate information has been received from the host. If there is noupdate information received from the host, the process proceeds to step1302 and waits for the next request. If at step 1312 vault 114determines that HPS 118 has transferred update information, the processproceeds to step 1314. At step 1314, vault 114 reads the account updatefile and makes the corresponding changes in the mail redirectiondatabase 1008 (FIG. 12).

[0205] Once step 1314 is complete, the process proceeds to decisionblock 1318. At decision block 1318, vault 114 determines if there havebeen alias account updates from a system operator. If a system operatorhas made changes to alias accounts, the process proceeds to step 1320.At step 1320, vault 114 creates a non mon to update the alias details inthe host (for a further discussion of non mon transactions refer toFIGS. 6, 8, and 9). At this point, the process returns to step 1302 andwaits for a new request (change of name, address and/or credit limit).

[0206] If at decision block 1318, the vault 114 determines that anoperator has made no changes to an alias account, the process proceedsto decision block 1322. At decision block 1322, vault 114 will determineif there has been a request for a primary account credit line update. Ifat decision block 1322, vault 114 determines that there is no requestfor a primary account credit line update, then the process proceeds tostep 1326 and ends. However, if at decision block 1322, vault 114determines that there is a request for a primary account credit lineupdate, then the process proceeds to step 1324. At step 1334, vault 114creates a non mon to update the alias account's credit line on the host.At this point, the process returns to step 1302 and waits for a newrequest (change of name, address and/or credit limit).

[0207] Collections Process

[0208]FIG. 21 illustrates a collections process 1400. The collectionsprocess 1400 identifies the alias and/or primary accounts that aredelinquent and going into collections on HPS 118, combines them in vault114, and sends them to collections. The collections process 1400 beginsat step 1402, where HPS 118 selects the accounts for collection. Theprocess then proceeds to step 1404, where HPS 118 places the selectedaccounts in a special queue. From step 1404, the selected accounts aretransferred to step 1406. At step 1406, HPS 118 transfers the accountnumbers of the selected accounts into a file. From step 1406, theprocess proceeds to step 1407. At step 1407, the file, identified as acollections account number file, is transferred to the vault 114.

[0209] At step 1408, the vault 114 receives the account numberstransferred from step 1407. From step 1408, the account numbers aretransferred to decision block 1412. At decision block 1412, the vault114 determines whether the account sent for collection is a primaryaccount. If the account sent for collection is determined to be aprimary account, the process proceeds from decision block 1412 to step1414. In step 1414, vault 114 will retrieve the alias account numberfrom the matching database 120. Next, the process proceeds from step1414 to step 1416, where the alias and primary account numbers are putinto a file. From step 1416, the alias and primary account numbers aretransferred to step 1421. At step 1421, the file, identified as theaccount collections file, is transferred to step 1422. At step 1422, HPS118 receives the file containing the alias/primary account numbers andputs them into a working queue.

[0210] If decision block 1412 determines that the account sent forcollection was not a primary account, the process proceeds to step 1420.Similarly, from step 1416, the alias and primary account numbers arealso transferred to step 1420. At step 1420, the alias and primaryaccount numbers are also used to create non mons for combining the twoaccounts and terminating the alias account. From step 1420, the non monsare transferred to step 1424. At step 1424, the file containing non monsis transferred back to HPS 118. At step 1426, the HPS 118 receives thefile containing the non mons transferred in step 1424. Next, the processproceeds to step 1428. At step 1428, HPS 118 updates the master file andsends an account transfer confirmation 1428 back to vault 114. When thevault 114 receives the confirmation 1428 at step 1410, vault 114, setsthe deactivation flag in the matching database 120 for the primary andalias accounts.

[0211] Mail Redirection Process

[0212]FIG. 22 is a flow chart illustrating a mail redirection process1500. The mail redirection process 1500 is used to replace the aliasname and address with the cardholder's real name and address ondocuments sent to the cardholder. Mail redirection process 1500 beginsat step 1502, where HPS 118 will generate a mailing document. Next, theprocess proceeds to step 1504, where the host processing system (HPS)118 will select the alias account documents and put them in a file. Fromstep 1504, the process proceeds to step 1503. At step 1503, the file,identified as an alias document file, is transferred to vault 114.

[0213] Vault 114, at step 1506, receives the file transferred from step1503. At step 1506, the vault 114, using the box number on the aliasaddress and the primary account number, determine the real name andaddress from the mail redirection and matching databases 1008 and 120.Then, the process proceeds to step 1512. In step 1512, the vault 114replaces the alias name and address with the real name and address onthe document and placed them into a file. From step 1512, the file,identified as a redirected mail file, is transferred in step 1513 to HPS118. The file transferred in step 1513 is received by HPS 118 in step1514. In step 1514, HPS 118 receives the corrected mail and sends it tothe printing system.

[0214] In view of the foregoing, it will be apparent that anonymouspayment transactions are provided, enabled, and/or facilitated withregard to the account holders so as to avoid undesirable compromises ofprivacy and anonymity on the part of consumers in their financialtransactions.

[0215] III. The “Kid” Card for Anonymous Transactions By Minors

[0216] The following is a description that depicts one exampleembodiment of the present invention. While this particular Kid Cardembodiment is fully capable of attaining the above described featuresand benefits of the present invention, it is to be understood that theKid Card embodiment represents a presently preferred embodiment of theinvention and, as such, is merely a representative of the subject matterthat is broadly contemplated by the present invention. It is further tobe understood that the scope of the present invention fully encompassesembodiments other than the Kid Card and that the scope of the presentinvention is not limited by the following example embodiment.

[0217] In a preferred embodiment, the Kid Card is a credit or debit cardthat makes limited purchasing power available to children. Preferably,the transactions performed with the Kid Card are anonymous, and theproducts available for purchase with the Kid Card are subject toparental control. In one embodiment, children are guided through theshopping experience by the Web pages supplied by the hosting entity.

[0218] Anonymity

[0219] In a preferred embodiment, the transactions performed with theKid Card are anonymous. For example, a child that purchases an item overthe Internet uses the Kid Card to pay for the item. When real timeapproval is sought by the entity processing the transaction, rather thanusing true identity data to authenticate the transaction, an alias setof information is used as described above. This alias set of informationis compared to an offline secure database in the bunker that comparesthe alias information to the true identity data and authenticates thetransaction. In this example, the true identity of the purchaser is thusnever compromised and therefore never available to the processingcompany for inclusion on a demographic list.

[0220] Parental Control

[0221] In one embodiment, parents can put restrictions on the types ofitems that the Kid Card may purchase. For example, the authenticatingdatabase might be configured to allow the purchase of only Type1 andType2 items. Thus, if a child attempted to purchase a Type3 item such asadult content material or a Tommy Gun, the transaction would be denied.Alternatively, the parental control can take the form of restrictions onthe products that are available for purchase. For example, a group ofparents who have created a Web page can offer the Kid Card. In thisexample embodiment, the group controlling the content of the Web pageadditionally controls product availability by selecting the items thatare available for purchase by children. Yet another example of parentalcontrol is based on a password scheme. In this embodiment, the serviceprovider requires a password from the child before allowing the child toenter the shopping area. Based on that password and input the serviceprovider has received from the parents, the products available to thechild for purchase are filtered. Thus, the parents have control overwhat items are made available to their children by creating a shoppingprofile. Such a profile could be generated, for example, as part of theapplication process for the Kid Card.

[0222] ISP Guide

[0223] In a preferred embodiment, the Internet Service Provider (“ISP”)acts as the guide to the children's shopping experience. For example,the ISP could be America On Line (“AOL”) or any other provider.Alternatively, the entity providing the Kid Card service could be a webpage and not an ISP at all. However, for simplicity in the example, AOLwill be used as both the ISP and the entity providing the Kid Cardservice. In this example, AOL is the ISP. Additionally, AOL hosts aspecial “kids only” shopping area. The kids only shopping area may beaccessible only with an additional password. The additional passwordcould be assigned, for example, as part of the application process forthe Kid Card. Because the kids only shopping area is within AOL, AOL isable to create the flow of the pages available to the children as theyshop. Therefore, in this example, AOL guides the shopping childrenthrough the online store, displaying whatever advertisements andmarketing materials deemed appropriate by AOL.

[0224] Credit/Debit Cards

[0225] In one embodiment, the Kid Card can be a credit card with apredetermined limit. Alternatively, the Kid Card can be a debit cardwith an available balance that has been paid in advance. For example,the application process for the debit Kid Card might require that acertain amount of money be prepaid on the debit Kid Card to cover anyfuture purchases made with the card. In this example, when the funds areused up, the debit Kid Card no longer allows the purchase of goods.Additional funds must be paid to replenish the purchasing power of theKid Card and allow the child to purchase additional goods.Alternatively, in the credit card embodiment, the Kid Card can purchaseitems up to a certain monetary limit. For example, if the credit limitwas $200.00 then purchases equaling that amount can be made beforepayment is required. Additionally in this example, bills must be sentout by the company providing the Kid Card shopping service.

[0226] Prepaid Gift Cards

[0227] A feature of one embodiment is the availability of prepaid giftcards. These cards operate on the same principle as a debit card or aprepaid phone card. For example, a parent could purchase a Kid Card for$200.00 and give it as a gift to a child. The child is then able topurchase $200.00 worth of goods with the Kid Card. The difference inthis example embodiment is that when the funds are exhausted on the giftKid Card, the level of funds cannot be replenished.

[0228] While various embodiments of the present invention have beendescribed above, it should be understood that they have been presentedby way of example only, and not limitation. Thus, the breadth and scopeof the present invention should not be limited by any of the abovedescribed exemplary embodiments, but should be defined only inaccordance with the following claims and their equivalents.

[0229] IV. Anonymous Shipping and Mailing Transactions

[0230] As stated, it is often desirable to protect the identity ofconsumers when ordering merchandise over the telephone, Internet or byany other means, when said merchandise is to be shipped to the residenceor business of the consumer. The present invention provides a means fora consumer to order merchandise without revealing their true address tothe merchant and/or shipper.

[0231]FIG. 23 is a schematic diagram that depicts one embodiment of thedisguised mailing feature in accordance with one embodiment of thepresent invention. As shown a cardholder 200 having an alias account, asdescribed above, makes a purchase from a merchant 202. The purchase canbe over the telephone, over the Internet or any other computer network,or via any other means available. The merchant uses the alias addressassociated with the alias account, as described above, to ship thepackage. In one embodiment, this alias address is a warehouse or thelike, referred to herein as the disguised mailing center (DMC).Typically, a bin number associated with the Alias account is used tostore the package in a specific location within the DMC. For example theAlias box number shown in the Mail Redirection data table 182, above,can be used for this purpose. The Alias box number is then used togenerate a subscriber information request to the offline database toretrieve the true mailing address of the consumer. Once this address isobtained, the package is relabeled with the true address and sent to theconsumer 208. Preferably, this takes place within twenty-four hours toavoid any further delays to the consumer. In case of returns, theconsumer is provided with a mailing label that sends the packagedirectly back to the merchant 202. Preferably, the return addressprinted on the return label will be that of the DMC 204. Alternatively,in a preferred embodiment, the relabeling process takes place by theshipper in transit. For example, the shipper can contact a server 22,which contacts the offline database with a request for addressinformation. The shipper can then relabel the package with the trueaddress while the package is in transit, and thereby eliminate any extradelays.

[0232]FIG. 24 is a flow chart that depicts a process that can be used torelabel packages in accordance with one embodiment of the presentinvention as described above. First, as shown by step 250, the consumerorders a product using an anonymous transaction system in accordancewith the present invention as described above. Accordingly, the usertypically, uses an credit or debit card associated with an Alias accountto purchase the merchandise. Next as indicated by step 252, the merchantmails the package (or directs a shipper to mail the package), to theAlias address. In one embodiment, the Alias address is a warehouse or alocation referred to as a disguised mailing center (DMC). Next, asindicated by step 255, the bin number for set of characters) is inputinto a relabeling system. In one example embodiment, the bin number is aunique set of characters which is used to correlate an anonymousname/address (i.e. pseudonym) with a real name/address. The bin is readinto the system by scanning in a bar code or the like that comprises thebin. Alternatively, this information can be keyed by hand into thesystem. In any case, this action generates a request to a server that inturn contacts the bunker for the true address of the consumer. Once thisinformation is retrieved, the package is relabeled with the trueaddress, as indicated by step 258. Finally, as indicated by step 260,the package is shipped to the consumer in accordance with consumerpreferences (i.e. overnight, no signature necessary, etc.).

[0233] A second example of a method that can be used to relabel packagesis depicted by the process flowchart in FIG. 25. As indicated by step264, the consumer orders a product from a merchant using an anonymoustransaction system as described above. As described above, package isshipped using the Alias address associated with the account. Next, asindicated by step 268, the shipper issues a request to the bunker forthe true address of the consumer. This is accomplished in a manner asdescribed above, typically through a server 23. Again, the Alias addressor bin number in this example, is used to identify the consumer. Next,as indicated by step 270, the shipper receives the true address of theconsumer and relabels the package with that address, as shown by step272. Finally, as indicated by step 274, the package is shipped to theconsumer in accordance with consumer preferences (i.e. overnight, nosignature necessary, etc.).

[0234] In a third embodiment, the anonymous mailing is accomplished bymailing the merchandise to post office box, which is rented by thecredit card processing company, on behalf of the cardholder. The addressassociated with the cardholder alias name is the post office boxassigned to the cardholder. In one embodiment, the post office box is asclose geographically, to the actual address of the cardholder. In thisexample embodiment, the cardholder picks up the merchandise from thepost office box in person.

[0235] Privacy concerns also arise in connection with shipments and maildelivery unrelated to a purchase. For example, a person may wish toenter sweepstakes and order catalogs and samples without revealing ownidentity. Although these “transactions” do not involve payments,personal information is obtained by the provider of the information orservice (also a “merchant” hereinafter). Thus, the shipment methods andsystems described above are also useful for private anonymous maildelivery service. Moreover, in our increasingly mobile society, mail andpackages are often lost when a person moves to a new address. Althoughchange of address forms may be filed with the United States PostalService, they stay in effect for only a limited period of time; publicentities are also notoriously unreliable. Private mail delivery servicenicely solves these problems as well, by providing a relatively morestable mailing “address” coupled with reliance on a for profit,competitive entity having a self interest in customer service.

[0236] One embodiment of such generic private mail service is depictedin FIG. 26. Initially, the consumer (301) registers with the privatemail service (“PMS” 310), which can be conceptually divided into PrivateMail Administration Service (“PMAS” 311) and Private Mail Mapping Center(“PMMC” 312). PMAC is responsible for customer registration andsubscription, billing, assignment of Private Mail codes, and customerservice functions such as changes to delivery address, modifying accountdata, canceling subscriptions, as well as various other accountmaintenance functions.

[0237] The PMAC is accessible to customers via the Internet, telephone,and mail, although any one contact method is sufficient. Full service ispreferably available through each method of customer contact.

[0238] During the registration process, see FIG. 27, the PMAC obtainscustomer name, billing information, mail delivery address, and possiblyother information. Once these data are collected and processed, the PMACassigns a unique Private Mail Code to a customer. The code is generatedby automated Private Mail Code generation process, which assigns aunique character string to be used as the Private Mail code. Next, PMACmaps the code to the customer delivery address on record. More than onecode may be generated for one customer.

[0239] In order to modify any subscription data, e.g., name or address,the customer will need to authenticate his identity. The authenticationprocess may use a personal identification number (PIN), password,digital certificate, written signature, or other means of positiveidentification. Customer service is preferably available for PMACactivities, so that account changes and customer issues may be resolvedquickly after a customer's registration or other relevant transaction isprocessed by the PMAC, the delivery address and associated PrivateMailing code is added to the PMMC and stored in its database (313). IfPMAC and PMMC are physically separate from each other, a securecommunication link (314) should be established between them forinformation transfer. All updates to the PMMC database are preferablemade in real or quasi real time. A “live” data backup in anotherphysical location (not pictured) is preferably maintained, so that thedata is redundantly stored and service need not be interrupted if PMMCfail or PMAC fail.

[0240] Generally, consumers will not be able to update the PMMC databasedirectly, but will have to identify themselves and follow theregistration and information updating protocol established by the PMAC,as previously described. The specific update functions that consumerswill be able to perform include, but are not limited to creation of anew Private Mail code, deletion of an unwanted Private Mail code, andchanges to the delivery address associated with a Private Mail code.

[0241] PMMC's main function is to provide shippers with the deliveryaddress information associated with the Private Mail code. It includes asecure interface to allow the shippers to look up the delivery addressassociated with a Private Mail code. Additionally, the PMMC might handleadministration functions associated with the shippers, such as accesscontrol to the PMMC, usage, and billing or payment of any transactionfees or service charges.

[0242] The PMMC is preferably a high availability service designed forcontinuous 2417 operations. This will be achieved through the use ofredundant equipment, multiple physical data center locations, robustdisaster recovery methods, and other means designed to prevent serviceinterruptions. PMMC's database is highly secure, accessible only toauthorized users. At a minimum, it maintains the following data: PrivateMail code, physical delivery address, authorized users, and audit trailwith date/time/user associated with each access.

[0243] Shippers' access to the PMMC database is restricted to lookupoperations that map a Private Mail code to a delivery address, and toaccess to certain administrative functions of the PMAC that are used fortroubleshooting, problem resolution, and account maintenance.

[0244] After a customer's registration is completed, the Private MailService is activated. Following activation, the customer has a brand newaddress (the Private Mailing code) assigned.

[0245]FIG. 28 shows a flowchart of a typical transaction, which, ofcourse, need not be a purchase, but instead may be any interaction thatresults in a mailing or shipping. The customer provides the Private Mailcode to a merchant to enable the merchant to ship mail or parcels to thecustomer. Using the example of an online purchase, the customer ordersfrom the merchant in the usual way, but supplies only the Private Mailcode as the “ship to” address. The merchant then fills the order andlabels it for shipment using only the Private Mail code. The parcel ispicked up by the shipper. The shipper, a Private Mail partner, accessesthe PMMC to map the Private Mail code on the parcel to the customer'sphysical delivery address. Once the mapping is completed, the shipperrelabels the parcel, either physically or electronically, with thedelivery address and completes the delivery using conventional means.

[0246] While various embodiments of the present invention have beendescribed above, it should be understood that they have been presentedby way of example only, and not limitation.

1. A system for confirmed authentication of uniquely identified personaland business type information related to a particular subscriber to aservice provider requesting an authentication of said information bymeans of an alias comprising: a) at least one segregated database,containing said uniquely identified personal and business typeinformation related to a particular subscriber for facilitating saidconfirmed authentication and able of confirmed transmission andconfirmed receipt over a communications link wherein said segregateddatabase communicates with at least one requesting entity and is able ofgenerating a formatted response to said formatted request for saidauthentication and able of confirmed transmission of said response oversaid communication link; and b) at least one requesting entity,communicating with said segregated database able of generating aformatted request for said authentication, able of confirmedtransmission of said request over said communication link, and able ofconfirmed receipt of a formatted response over said communication link.2. The system as set out in claim 1, wherein said service providers areselected from the group comprising vendors, wholesale, retailers ande-commerce vendors.
 3. The system as set out in claim 1, wherein said atleast one requesting entity is a financial service provider.
 4. Thesystem as set out in claim 1, wherein said service provider is a creditcard company.
 5. The system as set out in claim 1, wherein saidformatted request is an alias.
 6. The system as set out in claim 1,wherein said formatted request is an alphanumeric code.
 7. The system asset out in claim 1, wherein said communications link is selected fromthe group consisting of a public communication system and a privatecommunications system.
 8. The system as set out in claim 7, wherein saidpublic communication system is a preexisting public communicationsystem.
 9. The system as set out in claim 8 wherein the publiccommunication system is the Internet.
 10. The system as set out in claim9 wherein the protocol on said Internet is selected from the groupconsisting of virtual private network and X.400.
 11. The system as setout in claim 1 wherein said segregated database is accessed by at leastone central server.
 12. The system as set out in claim 11 wherein saidat least one central server is a multi tiered system.
 13. The system asset out ire claim 11, wherein said database contains a lookup table. 14.The system as set out in claim 1, wherein the system is automated. 15.The system as set out in claim 1, wherein said business type informationrelated to a particular subscriber is a subscriber information financialprofile.
 16. The system as set out in claim 15, wherein said subscriberprofile is a financial subscriber profile.
 17. A system for anonymousconfirmed authentication of uniquely identified busing type informationrelated to a particular subscriber to service providers or informationrequesters comprising: a) at least one, requesting service provider, b)at least one subscriber having identified business type informationrelated the particular subscriber; c) an information hub, containingidentified business type information related to the particularsubscriber connected to said requesting service provider via acommunications link for electronically requesting, processing andconfirming the existence of said uniquely identified businessinformation related to a particular subscriber to said requestingservice provider.
 18. The system as set out ire claim 17, wherein saidService Provider or Information Requester is selected from the groupcomprising vendors, wholesalers, retailers and ecommerce vendors. 19.The system as set out in claim 17, wherein said at least one subscriberis a credit card subscriber.
 20. The system as set out in claim 17,wherein said communications link is selected from the group consistingof a public communication system and a private communications system.21. The system as set art in claim 20, wherein said public communicationsystem is a preexisting public communication system.
 22. The system asset out in claim 21 wherein said public communication system is theInternet.
 23. The system as set out in claim 22 wherein the protocol onsaid Internet is selected from the group consisting of virtual privatenetwork and X400
 24. The system as set out in claim 17 wherein saidinformation hub is comprised of a single server.
 25. The system as setout in claim 17 wherein said information hub is comprised of a multitiered server system.
 26. The system as set out in claim 17, wherein thesystem is automated.
 27. The system as set out in claim 17, wherein saidsubscriber profile is financial.
 28. A method for a system of confirmedauthentication of uniquely identified business type records which arerelated to a particular subscriber to an authorized requesting entityusing at least one segregated database which communicates with therequester by means of a communications link comprising the steps of: a)initially generating a request for authentication of the uniquelyidentified business records in a specified format; b) transmitting therequest to a confirming segregated database via the communications link;c) receiving said confirming receipt of the formatted request by thesegregated database; d) confirming receipt of said formatted request andgenerating a formatted response; e) transmitting the response to therequesting entity via the communications link; and f) receiving andconfirming receipt of the formatted response by the requesting entity.29. The method of claim 28, further comprisig the steps of, providing analias account for a credit cardholder on a credit card processing systemthat is associated with a first credit card and that identifies thecardholder with an alias identity; providing a primary account for thecredit cardholder on the credit card processing system that isassociated with a second credit card and identifies the cardholder withthe cardholder's real identity; and providing a secure database tocreate a relationship between the alias account and the primary accountto carry out credit card processing functions, wherein the segregateddatabase comprises the secure database.
 30. The method of claim 29,further comprising the step of creating the relationship between thealias and primary account by constructing a database that associates asecond primary account and a second alias account stored in the securedatabase.
 31. The method of claim 29, further comprising the steps of:constructing a first database that contains information for setting upthe second alias account in the secure database; constructing a seconddatabase containing information for assigning an account number to thesecond alias account setup from information in the first database;constructing a third database containing information to create a profilefor an issuer that is assigned to the second alias account constructedfrom the first database; constructing a fourth database that containsinformation for matching the second alias account created from the firstdatabase and a second primary account that corresponds to the primaryaccount on the card processing system; and constructing a fifth databasecontaining alias and primary account information for replacing the aliasidentity with the cardholder's real identity retrieved from the secondprimary account.
 32. The method of claim 29, further comprising thesteps of: receiving a security stub from an applicant and using thesecurity stub to setup an alias account in the secure database thatcorresponds to a second alias account in the credit card processingsystem; providing the alias account's information to the credit cardprocessing system so that the credit card processing system can set upthe second alias account; receiving a credit card application at thecredit card processing system from an applicant to setup the primaryaccount in the credit card processing system; and providing the primaryaccount's information from the credit card processing system to thesecure database so that the secure database can setup a second primaryaccount that corresponds to the account in the credit card processingsystem.
 33. The method of claim 32, further comprising the steps of:receiving the security stub with a password and a first documenttracking number; receiving the credit card application with a source ofcredit information and a second document tracking number thatcorresponds to the first document tracking number on the security stub;and creating the relationship between the alias account and the primaryaccount based on the first and second document tracking number.
 34. Themethod of claim 29, further comprising the steps of: creating a firstcredit line for the primary account on the credit card processingsystem; transmitting an indication of the first credit line from thecredit card processing system to the secure database; receiving theindication of the first credit line at the secure database andapportioning the fast credit line and assigning a second credit line tothe primary account and a third credit line to the alias account; andtransmitting a message reflecting the second credit tine back to thecredit card processing system to replace the first credit line as a newcredit line associated with the primary account.
 35. The method of claim29, further comprising the steps of: closing the primary or aliasaccount on the credit card processing system; transmitting an indicationto the secure database that the primary or alias account has beenclosed; receiving the indication at the secure database that the primaryor alias account has been closed and in response to receiving theindication; combining the second primary account and the second aliasaccount into a new account; and transmitting the new account to thecredit card processing system.
 36. The method of claim 28 wherein saidresponse is a denial of the request.
 37. The method of claim 28 whereinsaid response is an authentication.
 38. The method of claim 28 whereinsaid response is at least a partial informational compliance.
 39. Themethod of claim 28 wherein said response comprises uniquely identifiedcustomer related profiles.
 40. The method of claim 28 wherein saidcommunications link is selected from the group consisting of a publiccommunication system and a private communications system.
 41. A systemfor anonymous confirmed authentication of uniquely identified personaland business type information related to a particular subscriber toservice provides comprising, a) at least one requesting service providercapable of communicating with at least one server via a communicationslink and generating formatted requests for said authentication, capableof confirmed transmission of said requests over said communication linkand capable of confirmed receipt of a formatted response over saidcommunications link; b) at least one subscriber having identifiedbusiness type information related to the particular subscriber; c) atleast one server capable of verifying a service provider's authorityarid receiving and transmitting via a communication link formattedrequests for said authentication and formatted responses for saidauthentication; and d) at least one offline database containing uniqueidentified personal and business type information for a particularsubscriber capable of receiving via a communication link formattedrequests for said authentication and transmitting a response to saidrequests.
 42. The system as set out in claim 41 wherein the serviceproviders are selected from the group comprising vendors, wholesalers,retailers and ecommerce vendors.
 43. The system as set out in claim 41wherein said at least one service provider is a financial serviceprovider.
 44. The system as set out in claim 41 wherein said serviceprovider is a credit card company.
 45. The system as set out in claim 41wherein said formatted request is an alias.
 46. The system as set out inclaim 41 wherein said formatted request is an alphanumeric code.
 47. Thesystem as set out in claim 41 wherein said communications link isselected from the group consisting of a public communication system arida private communication system.
 48. The system as set out in claim 47wherein said public communication system is the Internet.
 49. The systemas set out in claim 48 wherein the protocol on said Internet is selectedfrom the group consisting of a virtual private network and X.400.